article

Open Access

Cyber reconnaissance techniques

Authors:
Wojciech Mazurczyk

Warsaw University of Technology, Warsaw, Poland

Warsaw University of Technology, Warsaw, Poland
View Profile

,
Luca Caviglione

Applied Mathematics and Information Technologies, Genova, Italy

Applied Mathematics and Information Technologies, Genova, Italy
View Profile

Authors Info & Claims

Communications of the ACM Volume 64 Issue 3March 2021pp 86–95https://doi.org/10.1145/3418293

Published:22 February 2021Publication History

Communications of the ACM

Editorial Notes

The authors have requested minor, non-substantive changes to the VoR and, in accordance with ACM policies, a Corrected VoR was published on May 27, 2021. For reference purposes the VoR may still be accessed via the Supplemental Material section on this page.

Abstract

The evolution of and countermeasures for …

Supplemental Material

Available for Download

pdf

3418293-vor.pdf (2.5 MB)

Version of Record for "Cyber reconnaissance techniques" by Mazurczyk et al, Communications of the ACM, Volume 64, Issue 3 (CACM 64:3).

References

Achleitner, S., La Porta, T., McDaniel, P., Sugrim, S., Krishnamurthy, S.V., Chadha, R. Cyber deception: Virtual networks to defend insider reconnaissance. In Proceedings of the 8^th ACM CCS Intern. Workshop on Managing Insider Security Threats, Oct. 2016, 57--68.Google ScholarDigital Library
Al-Saleh, M. Crandall, J.R. Application-level reconnaissance: Timing channel attacks against antivirus software. In Proceedings of the 4^th USENIX Conf. Large-scale Exploits and Emergent Threats, 2011, 1--8.Google Scholar
Aviv, A., Gibson, K., Mossop, E., Blaze, M., Smith, J.M. Smudge attacks on smartphone touch screens. In Proceedings of the 4^th USENIX Conf. on Offensive Technologies, 2010, 1--7.Google ScholarDigital Library
Backes, M., Dürmuth, M., Gerling, S., Pinkal, M., Sporleder, C. Acoustic side-channel attacks on printers. In Proceedings of the USENIX Security Symposium, 2010, 307--322.Google Scholar
Bazm, M., M. Lacoste, M., M. Südholt, M. and J. Menaud, J. Side-channels beyond the cloud edge: New isolation threats and solutions. In Proceedings of the 1^st Cyber Security in Networking Conf., Oct. 2017, 1--8.Google ScholarCross Ref
Bejtlich, R. The Tao of Network Security Monitoring Beyond Intrusion Detection. Pearson Education, 2004, ISBN: 0-321-24677-2.Google Scholar
Berger, Y., Wool, A. Yeredor, A. Dictionary attacks using keyboard acoustic emanations. In Proceedings of the 13^th ACM Conf. Computer and Communications Security, 2006, 245--254.Google Scholar
Bou-Harb, E., Debbabi, M., Assi, C. Cyber scanning: A comprehensive survey. IEEE Communications Surveys & Tutorials 16, 3 (3rdQ 2014). 1496--1519.Google ScholarCross Ref
Cabaj, K., Gregorczyk, M., Mazurczyk, W., Nowakowski, P., Żórawski, P. Sniffing detection within the network: Revisiting existing and proposing novel approaches. In Proceedings of the 5G Network Security Workshop to be held jointly with the 14^th Intern. Conf. on Availability, Reliability and Security, 2019.Google ScholarDigital Library
Cabana, O., Youssef, A.M., Debbabi, M., Lebel, B., Kassouf, M., Agba, B.L. Detecting, fingerprinting and tracking reconnaissance campaignst industrial control systems. Detection of Intrusions and Malware, and Vulnerability Assessment, LNCS 11543 (June 2019). R. Perdisci, C. Maurice, G. Giacinto, M. Almgren (Eds.). Springer, 89--108.Google Scholar
Caviglione, L., Wendzel, S., Mazurczyk, W. The future of digital forensics: Challenges and the road ahead. IEEE Security & Privacy 15, 6, (Nov./Dec. 2017), 12--17.Google ScholarDigital Library
Caviglione, L., Coccoli, M. Privacy problems with Web 2.0. Computer Fraud & Security 10 (2011), 16--19.Google ScholarCross Ref
Collins, M., Shimeall, T., Faber, S., Janies, J., Weaver R., Shon, M.D., Kadane, J. Using uncleanliness to predict future botnet addresses. In Proceedings of the 7^th ACM SIGCOMM Internet Measurement Conference, 2007, 93--104.Google ScholarDigital Library
Genkin, D., Pattani, M., Schuster, R., Tromer, E. Synesthesia: Detecting screen content via remote acoustic side channels. In Proceedings of the IEEE Symp. Security & Privacy, 2019Google ScholarCross Ref
Goodman, M. Future Crimes. Anchor Books, New York, 2016, ISBN 9780804171458.Google Scholar
Holz, T., Gorecki, C., Rieck, K., Freiling, F. Measuring and detecting fast-flux service networks. In Proceedings of the 15^th Network and Distributed System Security Symp., 2008, 257--268.Google Scholar
Holz, T., Raynal, F. Detecting Honeypots and Other Suspicious Environments. In Proceedings of the 6^th Annual IEEE SMC Information Assurance Workshop, 2005, 29--36.Google Scholar
H2020 Project---Diversity Enhancements for Security Information and Event Management. Project Deliverable D4.1: Techniques and Tools for OSINT-based Threat Analysis; http://disiem-project.eu/wp-content/uploads/2018/06/D4.1v2.pdfGoogle Scholar
Industry Week. Cyberattacks skyrocketed in 2018. Are you ready for 2019?; https://www.industryweek.com/technology-and-iiot/cyberattacks-skyrocketed-2018-are-you-ready-2019Google Scholar
Kocher, P. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Proceedings of the Annual Intern. Cryptology Conf. Springer, Berlin, Heidelberg, 1996, 104--113.Google ScholarCross Ref
Krawetz, N. Anti-honeypot technology. IEEE Security & Privacy 2, 1 (Jan-Feb 2004), 76--79.Google ScholarDigital Library
Lampson, B. A Note on the confinement problem. Commun. ACM 16, 10, (Oct. 1973), 613--615.Google ScholarDigital Library
Lancor, L., Workman, R. Using Google hacking to enhance defense strategies. ACM SIGCSE Bulletin, 2007, 491--495.Google Scholar
Lei, C., Zhang, H.Q., Tan, J.L., Zhang, Y.C., Liu, X.H. Moving target defense techniques: A survey. Security and Communication Networks 2018, 1--25.Google ScholarDigital Library
Li, Z., Yu, X., Wang, D., Liu, Y., Yin, H., He, S. SuperEye: A distributed port scanning system. Artificial Intelligence and Security LNCS 11635. X. Sun, Z. Pan, E. Bertino, (Eds). Springer, Cham, July 2019, 46--56.Google Scholar
Lockheed Martin. The Cyber Kill Chain; https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.htmlGoogle Scholar
MITRE, ATT&CK Framework; https://attack.mitre.org/Google Scholar
Notra, S., Siddiqi, M., Gharakheili, H.H., Sivaraman, V., Boreli, R. An experimental study of security and privacy risks with emerging household appliances. In Proceedings of the IEEE Conf. on Communications and Network Security, 2014, 79--84.Google ScholarCross Ref
O'Hare, J., Macfarlane, R., Lo, O. Identifying Vulnerabilities Using Internet-Wide Scanning Data. In Proceedings of the 12^th IEEE Intern. Conference on Global Security, Safety and Sustainability, pp. 1--10, 2019.Google Scholar
Ristenpart, T., Tromer, E., Shacham, H., Savage, S. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In Proceedings 16^th ACM Conf. Computer and Communications Security, 2009, 199--212.Google Scholar
Salahdine, F. Kaabouch, N. Social engineering attacks: A survey. Future Internet 11, 4 (2019), 1--17.Google ScholarCross Ref
Sayakkara, A., N.-A. L.-K., Scanlon, M. A survey of electromagnetic side-channel attacks and discussion on their case-progressing potential for digital forensics. Digital Investigation 29 (2019), 43--54.Google ScholarDigital Library
Siby, S., Maiti, R.R., Tippenhauer, N.O. IoTScanner: Detecting privacy threats in IoT neighborhoods. In Proceedings of the 3^rd ACM Intern. Workshop on IoT Privacy, Trust, and Security, 2017, 23--30.Google ScholarDigital Library
Simon, L., Xu, W., Anderson, R. Don't interrupt me while I type: Inferring text entered through gesture typing on Android keyboards. In Proceedings of Privacy Enhancing Technologies 3 (2016), 136--154.Google ScholarCross Ref
Siponen, M. A Conceptual foundation for organizational information security awareness. Information Management & Computer Security 8, 1 (2000), 31--41.Google ScholarCross Ref
Trabelsi, Z. and Rahmani, H. Detection of sniffers in an Ethernet network. Information Security, LNCC 3225 (Sept. 2004). K. Zhang, Y. Zheng (Eds) Springer, Berlin, Heidelberg, 170--182,Google Scholar
Trabelsi, Z., Rahmani, H., Kaouech, K., Frikha, M. Malicious sniffing systems detection platform. In Proceedings of the Intern. Symp. Applications and the Internet, 2004, 201--207.Google ScholarCross Ref
Trestian, I., Ranjan, S., Kuzmanovic, A., Nucci, A. Googling the Internet: Profiling Internet endpoints via the World Wide Web. IEEE/ACM Trans. Networking 18, 2 (2010), 666--679.Google ScholarDigital Library
Wang, P., Wu, L., Cunningham, R., Zou, C.C. Honeypot detection in advanced botnet attacks. Intern. J. Information and Computer Security 4, 1 (2010), 30--51.Google ScholarDigital Library
Wang, C., Lu, Z. Cyber deception: Overview and the road ahead. IEEE Security & Privacy 16, 2 (M-A 2018), 80--85.Google ScholarCross Ref

Index Terms

Cyber reconnaissance techniques
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Security services
2. Social and professional topics
  1. Professional topics
    1. Computing and business
      1. Employment issues

Recommendations

Countering cyber threats for industrial applications

The widespread adoption of Internet of Things (IoT) in industrial systems has made malware propagation more voluminous and sophisticated. Detection and prevention against these malware threats rely on automated dynamic analysis techniques. Malware ...
Read More
Malware Obfuscation Techniques: A Brief Survey
BWCCA '10: Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications

As the obfuscation is widely used by malware writers to evade antivirus scanners, so it becomes important to analyze how this technique is applied to malwares. This paper explores the malware obfuscation techniques while reviewing the encrypted, ...
Read More
Multi-level sandboxing techniques for execution-based stealthy malware detection
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Communications of the ACM Volume 64, Issue 3
March 2021
115 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/3452024
Editor:
Andrew A. Chien
Association for Computing Machinery, New York, NY
Issue’s Table of Contents
Copyright © 2021 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 22 February 2021
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- article
- Popular
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 27
  Total Citations
  View Citations
- 26,292
  Total Downloads
- Downloads (Last 12 months)7,459
- Downloads (Last 6 weeks)266
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Cyber reconnaissance techniques

Communications of the ACM

Editorial Notes

Abstract

Supplemental Material

Available for Download

References

Cited By

Index Terms

Recommendations

Countering cyber threats for industrial applications

Malware Obfuscation Techniques: A Brief Survey

Multi-level sandboxing techniques for execution-based stealthy malware detection