APT beaconing detection: A systematic review

Talib, Manar Abu; Nasir, Qassim; Nassif, Ali Bou; Mokhamed, Takua; Ahmed, Nafisa; Mahfood, Bayan

doi:10.1016/j.cose.2022.102875

Cited by 14 publications

(7 citation statements)

References 75 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors of [33] discussed the strategies and procedures that can be utilized to identify APTs, specifically to recognize beaconing, during the lifecycle of an APT.…”

Section: Detection Of Apt On Mobile Devices Based On Applications And...mentioning

confidence: 99%

A Systematic Literature Review and a Conceptual Framework Proposition for Advanced Persistent Threats (APT) Detection for Mobile Devices Using Artificial Intelligence Techniques

2023

View full text Add to dashboard Cite

Advanced persistent threat (APT) refers to a specific form of targeted attack used by a well-organized and skilled adversary to remain undetected while systematically and continuously exfiltrating sensitive data. Various APT attack vectors exist, including social engineering techniques such as spear phishing, watering holes, SQL injection, and application repackaging. Various sensors and services are essential for a smartphone to assist in user behavior that involves sensitive information. Resultantly, smartphones have become the main target of APT attacks. Due to the vulnerability of smartphone sensors, several challenges have emerged, including the inadequacy of current methods for detecting APTs. Nevertheless, several existing APT solutions, strategies, and implementations have failed to provide comprehensive solutions. Detecting APT attacks remains challenging due to the lack of attention given to human behavioral factors contributing to APTs, the ambiguity of APT attack trails, and the absence of a clear attack fingerprint. In addition, there is a lack of studies using game theory or fuzzy logic as an artificial intelligence (AI) strategy for detecting APT attacks on smartphone sensors, besides the limited understanding of the attack that may be employed due to the complex nature of APT attacks. Accordingly, this study aimed to deliver a systematic review to report on the extant research concerning APT detection for mobile sensors, applications, and user behavior. The study presents an overview of works performed between 2012 and 2023. In total, 1351 papers were reviewed during the primary search. Subsequently, these papers were processed according to their titles, abstracts, and contents. The resulting papers were selected to address the research questions. A conceptual framework is proposed to incorporate the situational awareness model in line with adopting game theory as an AI technique used to generate APT-based tactics, techniques, and procedures (TTPs) and normal TTPs and cognitive decision making. This framework enhances security awareness and facilitates the detection of APT attacks on smartphone sensors, applications, and user behavior. It supports researchers in exploring the most significant papers on APTs related to mobile sensors, services, applications, and detection techniques using AI.

show abstract

“…The authors of [33] discussed the strategies and procedures that can be utilized to identify APTs, specifically to recognize beaconing, during the lifecycle of an APT.…”

Section: Detection Of Apt On Mobile Devices Based On Applications And...mentioning

confidence: 99%

A Systematic Literature Review and a Conceptual Framework Proposition for Advanced Persistent Threats (APT) Detection for Mobile Devices Using Artificial Intelligence Techniques

2023

View full text Add to dashboard Cite

show abstract

“… References No. of studies Duration Framework/model Hussain et al [ 15 ] 8 2011–2017 Industrial control system APT defence framework Jabar and Singh [ 16 ] 112 2011–2022 A conceptual framework for identifying and mitigating the severity of abnormal activities across the entire APT lifecycle Talib et al [ 17 ] 122 2007–2022 Not proposed Kotenko et al [ 18 ] 127 2010–2021 Not proposed Khalid et al [ 19 ] 48 2017–2022 Not proposed Model proposed in this paper 75 2012–2022 Effective Cyber Situational Awareness Model to Detect and Predict Mobile APTs (ECSA-tDP-MAPT) based on network traffic …”

Section: Introductionmentioning

confidence: 99%

“…Talib et al [ 17 ] presented a comprehensive analysis of potential APT beaconing detection solutions that can ensure the safety of target organisations. They focused mainly on techniques and strategies that detect C&C malware and beaconing during a targeted APT.…”

Section: Introductionmentioning

confidence: 99%

A systematic literature review for APT detection and Effective Cyber Situational Awareness (ECSA) conceptual model

Salim

Singh

Keikhosrokiani

2023

Heliyon

View full text Add to dashboard Cite

“…Network attack behaviors, particularly advanced-persistent-threat (APT) attacks, exhibit characteristics including high destructiveness, extreme stealthiness, and long incubation periods. These attacks can carry out targeted attacks and covert theft of critical assets, especially CPSs, making CPSs significant factors affecting the security of government and enterprise networks [2]. Therefore, the network security concern is pressing.…”

Section: Introductionmentioning

confidence: 99%

“…However, CPS attack behavior data have often been scarce, making it challenging to collect a comprehensive dataset [6]. (2) Difficulty in selecting high-dimensional data features: CPS attack behavior samples encompass numerous data features related to network interactions. Handling high-dimensional data has not only increased storage and computational costs but has also posed challenges to uncovering hidden features of attack behaviors [7].…”

Section: Introductionmentioning

confidence: 99%

ResADM: A Transfer-Learning-Based Attack Detection Method for Cyber–Physical Systems

Wang,

Zhang,

Zhu

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

Deep learning has proven to be effective for enhancing the accuracy and efficiency of attack detection through training with large sample sizes. However, when applied to cyber–physical systems (CPSs), it still encounters challenges such as scarcity of attack samples, the difficulty of selecting features for high-dimensional data, and weak model-generalization ability. In response, this paper proposes ResADM, a transfer-learning-based attack detection method for CPSs. Firstly, an intentional sampling method was employed to construct different sets of samples for each class, effectively balancing the distribution of CPS-attack samples. Secondly, a feature-selection method based on importance was designed to extract the meaningful features from attack behaviors. Finally, a transfer-learning network structure based on ResNet was constructed, and the training parameters of the source model were optimized to form the network-attack detection method. The experimental results demonstrated that ResADM effectively balanced the data classes and extracted 32-dimensional attack-behavior features. After pre-training on the UNSW-NB15 dataset, ResADM achieved a detection accuracy of up to 99.95% for attack behavior on the CICIDS2017 dataset, showcasing its strong practicality and feasibility.

show abstract

APT beaconing detection: A systematic review

Cited by 14 publications

References 75 publications

A Systematic Literature Review and a Conceptual Framework Proposition for Advanced Persistent Threats (APT) Detection for Mobile Devices Using Artificial Intelligence Techniques

A Systematic Literature Review and a Conceptual Framework Proposition for Advanced Persistent Threats (APT) Detection for Mobile Devices Using Artificial Intelligence Techniques

A systematic literature review for APT detection and Effective Cyber Situational Awareness (ECSA) conceptual model

ResADM: A Transfer-Learning-Based Attack Detection Method for Cyber–Physical Systems

Contact Info

Product

Resources

About