A Novel Search Engine to Uncover Potential Victims for APT Investigations

Liu, Shun-Te; Chen, Yiming; Lin, Shiou-Jing

doi:10.1007/978-3-642-40820-5_34

Cited by 12 publications

(6 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…al. [13] proved that analyzing a huge volume of HTTP requests with Hadoop and Lucene can help to quickly uncover potential victims based on a known APT victim.…”

Section: Security Awareness Trainingmentioning

confidence: 99%

See 1 more Smart Citation

A Study on Advanced Persistent Threats

Chen

Desmet

Huygens

2014

Advanced Information Systems Engineering

237

124

View full text Add to dashboard Cite

A recent class of threats, known as Advanced Persistent Threats (APTs), has drawn increasing attention from researchers, primarily from the industrial security sector. APTs are cyber attacks executed by sophisticated and well-resourced adversaries targeting specific information in high-profile companies and governments, usually in a long term campaign involving different steps. To a significant extent, the academic community has neglected the specificity of these threats and as such an objective approach to the APT issue is lacking. In this paper, we present the results of a comprehensive study on APT, characterizing its distinguishing characteristics and attack model, and analyzing techniques commonly seen in APT attacks. We also enumerate some non-conventional countermeasures that can help to mitigate APTs, hereby highlighting the directions for future research.

show abstract

“…al. [13] proved that analyzing a huge volume of HTTP requests with Hadoop and Lucene can help to quickly uncover potential victims based on a known APT victim.…”

Section: Security Awareness Trainingmentioning

confidence: 99%

“…However, they are not as comprehensive as our presented analysis. As for the countermeasures, several academic researchers proposed the use of big data analytics for APT detection [4,13].…”

Section: Related Workmentioning

confidence: 99%

A Study on Advanced Persistent Threats

Chen

Desmet

Huygens

2014

Advanced Information Systems Engineering

237

124

View full text Add to dashboard Cite

show abstract

“…Most of the research in the area of APT detection, has focused on analysing already identified APTs [15][16][17][18][19][20][21], or detecting a particular APT that uses a 30 specific piece of malware [22]. Some works have attempted to detect novel APT attacks.…”

Section: Introductionmentioning

confidence: 99%

“…The potential cost of attacks is the major motivation for the investments in intrusion detection and prevention systems [13]. APTs are currently one of the most serious threats to companies and governments [14].Most of the research in the area of APT detection, has focused on analysing already identified APTs [15][16][17][18][19][20][21], or detecting a particular APT that uses a 30 specific piece of malware [22]. Some works have attempted to detect novel APT attacks.…”

mentioning

confidence: 99%

Detection of advanced persistent threat using machine-learning correlation analysis

Ghafir

Hammoudeh

Přenosil

et al. 2018

Future Generation Computer Systems

221

107

View full text Add to dashboard Cite

Item Type Article Authors Ghafir, Ibrahim; Hammoudeh, M.; Prenosil, V.; Han, L.; Hegarty, R.; Rabie, K.; Aparicio-Navarro, F.J. Citation Ghafir I, Hammoudeh M, Prenosil V (et al) Detection of advanced persistent threat using machine-learning correlation analysis. Future Generation Computer Systems. 89: 349-359. Rights Citation: Ghafir I, Hammoudeh M, Prenosil V (et al) Detection of advanced persistent threat using machine-learning correlation analysis. Future Generation Computer Systems. 89: 349-359. AbstractAs one of the most serious types of cyber attack, Advanced Persistent Threats (APT) have caused major concerns on a global scale. APT refers to a persistent, multi-stage attack with the intention to compromise the system and gain information from the targeted system, which has the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system entitled MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. The MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods, aims to identify alerts that could be related and belong to a single APT scenario; and (3) Attack prediction, in which a machine learning-based prediction module is proposed based on the correlation framework output, to be used by the network security team to determine the probability of the early alerts to develop a complete APT attack. MLAPT is experimentally evaluated and the presented system is able to predict APT in its early steps with a prediction accuracy of 84.8%.to a technical report by Trend Micro [11], this assumption is no longer valid with the rise of targeted attacks, Advanced Persistent Threats (APTs), in which both cyber-criminals and hackers are targeting selected organizations and persisting until they achieve their goals.The APT attack is a persistent, targeted attack on a specific organisation 20 and is performed through several steps [12]. The main aim of APT is espionage and then data exfiltration. Therefore, APT is considered as a new and more complex version of multi-step attack. These APTs present a challenge for current detection methods as they use advanced techniques and make use of unknown vulnerabilities. Moreover, the economic damage due to a successful 25 APT attack significant. The potential cost of attacks is the major motivation for the investments in intrusion detection and prevention systems [13]. APTs are currently one of the most serious threats to companies and governments [14].Most of the research in the area of APT detection, has focused on analysing already identified APTs [15][16][17][...

show abstract

“…In recent years, threats to computer networks have evolved from conventional denial-of-service and malware attacks launched by individuals and small groups of hackers. Organizations now face threats from state-sponsored and organized criminal organizations that deploy targeted, strategic, stealthy, persistent, and multistep attacks that have dire implications, characteristics often associated with a category of threats called advanced persistent threats (Liu, Chen, & Lin, 2013). Such attacks are likely to go unnoticed for several months.…”

Section: Introductionmentioning

confidence: 99%