Item Type: Article
Authors: Ghafir, Ibrahim; Hammoudeh, M.; Prenosil, V.; Han, L.; Hegarty, R.; Rabie, K.; Aparicio-Navarro, F.J.
Citation: Ghafir I, Hammoudeh M, Prenosil V (et al). Detection of advanced persistent threat using machine-learning correlation analysis. Future Generation Computer Systems. 89: 349-359.

Abstract: As one of the most serious types of cyber attack, Advanced Persistent Threats (APT) have caused major concern on a global scale. APT refers to a persistent, multi-stage attack whose intention is to compromise a targeted system and extract information from it; a successful APT can cause significant damage and substantial financial loss. Accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system, MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. MLAPT runs through three main phases: (1) Threat detection, in which eight methods are developed to detect the different techniques used during the various APT steps; the implementation and validation of these methods on real traffic is a significant contribution to the current body of research. (2) Alert correlation, in which a correlation framework links the outputs of the detection methods and identifies alerts that could be related and belong to a single APT scenario. (3) Attack prediction, in which a machine learning-based prediction module, built on the output of the correlation framework, lets the network security team estimate the probability that early alerts will develop into a complete APT attack.
MLAPT is experimentally evaluated, and the presented system is able to predict APT in its early steps with a prediction accuracy of 84.8%.

… to a technical report by Trend Micro [11], this assumption is no longer valid with the rise of targeted attacks, Advanced Persistent Threats (APTs), in which both cyber-criminals and hackers target selected organisations and persist until they achieve their goals. An APT attack is a persistent, targeted attack on a specific organisation and is performed through several steps [12]. The main aim of an APT is espionage followed by data exfiltration, so an APT can be considered a newer and more complex form of multi-step attack. APTs present a challenge for current detection methods because they use advanced techniques and exploit unknown vulnerabilities. Moreover, the economic damage caused by a successful APT attack is significant; the potential cost of attacks is the main motivation for investment in intrusion detection and prevention systems [13]. APTs are currently one of the most serious threats to companies and governments [14]. Most research in the area of APT detection has focused on analysing already identified APTs [15][16][17][...
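The abstract describes three phases (per-stage detectors, alert correlation, prediction) without showing what correlation looks like in practice. The Python below is an added illustration of that pipeline and is not the authors' MLAPT code: the stage names, the hypothetical detector names and their stage mapping, the 7-day correlation window, the rule-based score that stands in for the paper's machine-learning prediction module, and the sample alerts are all assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Ordered APT stages. The stage names, the detector-to-stage mapping below and
# the 7-day window are assumptions made for this example; they are not the
# paper's eight detection methods or its correlation parameters.
STAGES = ("delivery", "c2", "lateral", "exfiltration")


@dataclass(frozen=True)
class Alert:
    ts: datetime
    host: str       # internal host the alert concerns
    detector: str   # hypothetical detection method that raised the alert
    stage: str      # APT stage that detector is assumed to indicate


def correlate(alerts, window=timedelta(days=7)):
    """Link alerts into candidate campaigns.

    Alerts on the same host are chained while the gap between consecutive
    alerts (in time order) is at most `window`; a larger gap starts a new
    campaign. Returns a list of campaigns, each a time-ordered list of Alerts.
    """
    by_host = {}
    for a in sorted(alerts, key=lambda a: a.ts):
        by_host.setdefault(a.host, []).append(a)

    campaigns = []
    for seq in by_host.values():
        current = [seq[0]]
        for a in seq[1:]:
            if a.ts - current[-1].ts <= window:
                current.append(a)
            else:
                campaigns.append(current)
                current = [a]
        campaigns.append(current)
    return campaigns


def stages_reached(campaign):
    """Distinct stages in the campaign, in order of first appearance."""
    seen = []
    for a in campaign:
        if a.stage not in seen:
            seen.append(a.stage)
    return seen


def campaign_score(campaign):
    """Heuristic stand-in for the prediction module: the fraction of known
    stages already observed. The paper trains a classifier for this step;
    this rule-based score is only an illustration."""
    return len(stages_reached(campaign)) / len(STAGES)


def analyse(alerts, threshold=0.5):
    """Correlate, score and flag campaigns whose score reaches `threshold`."""
    results = []
    for campaign in correlate(alerts):
        score = campaign_score(campaign)
        results.append({
            "host": campaign[0].host,
            "stages": stages_reached(campaign),
            "score": score,
            "flagged": score >= threshold,
        })
    return results


# Constructed sample alerts (not real traffic): one host progresses through
# three stages in a few days, later shows an isolated exfiltration alert,
# and a second host has a single C2 alert.
SAMPLE_ALERTS = [
    Alert(datetime(2024, 3, 1, 9, 0), "ws-17", "mail_attachment", "delivery"),
    Alert(datetime(2024, 3, 2, 10, 30), "ws-17", "beacon_periodicity", "c2"),
    Alert(datetime(2024, 3, 4, 14, 0), "ws-17", "smb_lateral", "lateral"),
    Alert(datetime(2024, 3, 25, 2, 0), "ws-17", "dns_tunnel", "exfiltration"),
    Alert(datetime(2024, 3, 3, 11, 0), "srv-2", "beacon_periodicity", "c2"),
]


def run_example():
    return analyse(SAMPLE_ALERTS)


if __name__ == "__main__":
    for r in run_example():
        print(r)
```

The point the example makes is the one the abstract relies on: no single alert here is worth escalating, but chaining delivery, C2 and lateral-movement alerts on ws-17 within the window produces a campaign that crosses the threshold, while the later exfiltration alert on the same host falls outside the window and is (correctly or not) treated as a separate scenario. In production the window, the host key (which could be a user or session rather than a host) and the scoring model are exactly the parameters an attacker will try to sit outside of, so they need tuning against real traffic as the paper does.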
Security threats to critical infrastructure: the human…

In the twenty-first century, globalisation has made corporate boundaries invisible and difficult to manage. This macroeconomic transformation has introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, we no doubt feel much more secure than half a century ago; but as technological advancement takes root, so does the maturity of security threats. Today's critical infrastructures are commonly operated by non-computer experts, e.g. nurses in health care, soldiers in the military or firefighters in the emergency services. In such challenging applications, protecting against insider attacks is often neither technically feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g. firewalls, help protect data assets and computer systems against unauthorised entry. However, one area that is often largely ignored is the human factor of system security: through social engineering techniques, malicious attackers are able to breach organisational security via interactions with people. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure on social engineering threats such as spear phishing, baiting and pretexting, among others.

Keywords: Critical infrastructure security · Security awareness · Cyber security training · Work-based security training · Security threats against critical infrastructure
This paper examines the role and value of information security awareness efforts in defending against social engineering attacks. It categorises the social engineering threats and tactics used to target employees and the approaches to defending against such attacks. In reviewing these techniques, we attempt to develop a thorough understanding of human security threats, with a suitable balance between structured controls that compensate for human weaknesses and efficiently focused security training and awareness building. Finally, the paper shows that a multi-layered shield can mitigate various security risks and minimise the damage to systems and data.
Internet users were once attacked by widespread email viruses, but the scenario has since changed. Attackers are no longer interested merely in attracting media attention by infecting a large number of computers on the network; their interest has shifted to compromising and controlling the infected computers for their own profit. This new attack trend brought about the concept of botnets over the global network of computers. With their high reported infection rates, the vast range of illegal activities they support and their powerful comebacks after takedowns, botnets are one of the main threats to cyber security. This paper provides readers with a background on the botnet life-cycle, architecture and malicious activities. It also classifies botnet detection techniques, reviews recent research on botnet traffic detection and finally indicates some challenges for future work on botnet detection.