Cyber Kill Chain Analysis

Authors: Ionut – Daniel BARBU, Ioan – Cosmin MIHAI & Stefan PRUNA

Published: IJISC Volume 3, Issue 2, Year 2014



The purpose of this paper is to present a structured approach to Advanced Persistent Threat attacks and to analyse the intrusion kill chain in order to determine intrusion indicators. The analysis divides a cyber-attack into phases and maps them to response procedures.

Cyber Kill Chain

We highly recommend studying the original Lockheed Martin Cyber Kill Chain White Paper.

