Computer scientists at Lockheed-Martin corporation described in 2011 the usage of a new "intrusion kill chain" framework or model to defend computer networks.^[1] They wrote that attacks may occur in stages and can be disrupted through controls established at each stage. The kill chain can also be used as a management tool to help continuously improve network defense. Threats must progress through seven stages in the model:

• Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
• Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
• Delivery: Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives)
• Exploitation: Malware weapon's program code triggers, which takes action on target network to exploit vulnerability.
• Installation: Malware weapon installs access point (e.g., "backdoor") usable by intruder.
• Command and Control: Malware enables intruder to have "hands on the keyboard" persistent access to target network.
• Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.

A U.S. Senate investigation of the 2013 Target Corporation data breach included analysis based on the Lockheed-Martin kill chain framework. It identified several stages where controls did not prevent or detect progression of the attack.^[2]

	這張圖像是美國海軍軍人或雇員在執行任務時拍攝或繪製的。因本圖像是美國聯邦政府的著作物，本圖像位於公有領域。
	此作品無已知的著作權限制，亦不受所有相關和鄰接的權利限制。

https://creativecommons.org/publicdomain/mark/1.0/PDMCreative Commons Public Domain Mark 1.0falsefalse