Mobile Advanced Persistent Threat Detection Using Device Behavior (SHOVEL) Framework

Jabar, Thulfiqar; Singh, Manmeet; Al-Kadhimi, Amjed Ahmed

doi:10.1007/978-981-16-8515-6_39

Cited by 5 publications

(8 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To overcome these challenges, behavioral data science has evolved from studying theoretical and empirical issues regarding human behavior [32] to conquering the cyber world and providing a promising alternative to model device behaviors [33]. A device's behavior could be classified as normal or abnormal based on how it operates [8].…”

Section: Common Device Behavioral Sources Used For Attack Detectionmentioning

confidence: 99%

“…It helps security analysts and system specialists to analyze the design from the attackers' perspective in order to better understand APT's TTP [191]. Fingerprinting is a collection of information about a cyberthreat that identifies the Tactic, Technique, and Procedure (TTP) utilized to perpetrate the attack [8]. These fingerprints can be handled from different sources such as mobile device resource usage (such as CPU, memory, etc.)…”

Section: To Design Attack Paths Using Threat Modeling Approachesmentioning

confidence: 99%

“…The purpose of this solution is to determine the risk faced by each mobile user as the risk of each device's behavior varies according to the user's behavior [18]. User behavior may be described as the actions of a mobile user, whether malicious or not, that contribute to APT attacks [8]. One example is users A and B using the same mobile application.…”

Section: To Design An Apt Solution That Is Personalized Based On Mobi...mentioning

confidence: 99%

“…APTs then employs either cyber techniques such as spear phishing and a watering hole or physical attacks to deliver the payload to the targeted system. Instead of directly executing a large number of activities, only a few essential activities are performed or conceal the payload [8]. A successful APT attack might persist for months or even years.…”

Section: Introductionmentioning

confidence: 99%

“…MITRE ATT&CK-MITRE ATT&CK is an acronym for the Massachusetts Institute of Technology Research and Engineering, Adversarial Tactics, Techniques, and Common Knowledge [8]. MITRE established the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework in 2013 in an effort to better understand cyber threats [56].…”

mentioning

confidence: 99%

See 4 more Smart Citations

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Jabar

Singh

2022

Sensors

Self Cite

View full text Add to dashboard Cite

During the last several years, the Internet of Things (IoT), fog computing, computer security, and cyber-attacks have all grown rapidly on a large scale. Examples of IoT include mobile devices such as tablets and smartphones. Attacks can take place that impact the confidentiality, integrity, and availability (CIA) of the information. One attack that occurs is Advanced Persistent Threat (APT). Attackers can manipulate a device’s behavior, applications, and services. Such manipulations lead to signification of a deviation from a known behavioral baseline for smartphones. In this study, the authors present a Systematic Literature Review (SLR) to provide a survey of the existing literature on APT defense mechanisms, find research gaps, and recommend future directions. The scope of this SLR covers a detailed analysis of most cybersecurity defense mechanisms and cutting-edge solutions. In this research, 112 papers published from 2011 until 2022 were analyzed. This review has explored different approaches used in cybersecurity and their effectiveness in defending against APT attacks. In a conclusion, we recommended a Situational Awareness (SA) model known as Observe–Orient–Decide–Act (OODA) to provide a comprehensive solution to monitor the device’s behavior for APT mitigation.

show abstract

Section: Common Device Behavioral Sources Used For Attack Detectionmentioning

confidence: 99%

Section: To Design Attack Paths Using Threat Modeling Approachesmentioning

confidence: 99%

Section: To Design An Apt Solution That Is Personalized Based On Mobi...mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

See 3 more Smart Citations

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Jabar

Singh

2022

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

Fingerprinting generation for Advanced Persistent Threats (APT) detection using Machine Learning techniques

Yi,

Singh,

Sodhy

et al. 2023

2023 13th International Conference on Information Technology in Asia (CITA)

View full text Add to dashboard Cite

A Sophisticated Deep Learning Framework of Advanced Techniques to Detect Malicious Users in Online Social Networks

Terumalasetti,

2023

IJACSA

View full text Add to dashboard Cite

Malicious user detection is a cybersecurity exploration domain because of the emergent jeopardies of data breaches and cyberattacks. Malicious users have the potential to detriment the system by engaging in unauthorized actions or thieving sensitive data. This paper proposes the dual-powered CLM technique (Convolution neural networks and LSTM) and optimization technique, a sophisticated methodology for distinguishing malicious user behavior that assimilates LSTM and CNN, and finally optimization technique to enhance the results. A genetic algorithm is used to augment the model's capability to perceive altering and nuanced malicious performance by fine-tuning its parameters. Due to the rising vulnerabilities of data breaches and cyber-attacks, malicious user identification in OSN (Online Social Networks) is a significant topic of research in cybersecurity. The proposed technique pursues to ascertain anomalous user behavior patterns by assessing vast quantities of data generated by digital systems with CLM and optimizing detection accuracy with genetic algorithms. On a public dataset of social media bot dataset, a twibot-20 dataset comprehending user activity data, was explored to measure the performance of the suggested methodology. The outcomes demonstrated that, in comparison to conventional machine learning algorithms like SVM and RF, which respectively obtained 92.3% and 88.9% accuracy, our technique, had a better accuracy of 98.7%. Moreover, the other metrics measures were assessed, and the proposed technique outperformed traditional machine learning algorithms in each situation.

show abstract

Mobile Advanced Persistent Threat Detection Using Device Behavior (SHOVEL) Framework

Cited by 5 publications

References 15 publications

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Fingerprinting generation for Advanced Persistent Threats (APT) detection using Machine Learning techniques

A Sophisticated Deep Learning Framework of Advanced Techniques to Detect Malicious Users in Online Social Networks

Contact Info

Product

Resources

About