A layered security architecture based on cyber kill chain against advanced persistent threats

Bahrami, Pooneh Nikkhah; Dehghantanha, Ali; Dargahi, Tooska; Parizi, Reza M.; Choo, Kim‐Kwang Raymond; Javadi, Hamid Haj Seyyed; Wang, Lizhe; Xhafa, Fatos; Ren, Wei

doi:10.1049/pbpc028e_ch7

Cited by 1 publication

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…vulnerability exploitation, malicious code execution, software modification, and eventually system destruction or data theft. In the network security area, the layered security model is defined as the concept of securing a computer network through a sequence of defensive mechanisms, so that if one fails, another is already in place to prevent an attack [6][9] [34]. The basic assumption on this model is that no single mechanism can successfully safeguard the network from attacks due to the great variety of attacks.…”

Section: Common Stages Of Ikc Models Used In Apt Attacks (Regarding T...mentioning

confidence: 99%

“…advanced persistent threats (APTs) [3] [4]. In this type of attack, the attacker, based on a variety of attack tools and techniques, goes through a next-generation threat life cycle to achieve its target, which is called intrusion kill chain (IKC) or cyber kill chain (CKC) [3][5] [6][9] [10]. In the other words, based on a specified IKC model, the attackers use sequencing of attack stages involving various attack steps to infiltrate the target network and obtain their final goals by moving laterally across multiple hosts of the network for exfiltration of sensitive data or sabotage.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks

Ramaki,

Ghaemi-Bafghi,

Rasoolzadegan

2021

Preprint

View full text Add to dashboard Cite

Nowadays, targeted attacks like Advanced Persistent Threats (APTs) has become one of the major concern of many enterprise networks. As a common approach to counter these attacks, security staff deploy a variety of security and non-security sensors at different lines of defense (Network, Host, and Application) to track the attacker's behaviors during their kill chain. However, one of the drawbacks of this approach is the huge amount of events raised by heterogeneous security and non-security sensors which makes it difficult to analyze logged events for later processing i.e. event correlation for timely detection of APT attacks. Till now, some research papers have been published on event aggregation for reducing the volume of logged low-level events. However, most research works have been provided a method to aggregate the events of a single-type and homogeneous event source i.e. NIDS. In addition, their main focus is only on the degree to which the event volume is reduced, while the amount of security information lost during the event aggregation process is also very important. In this paper, we propose a three-phase event aggregation method to reduce the volume of logged heterogeneous events during APT attacks considering the lowest rate of loss of security information. To this aim, at first, low-level events of the sensors are clustered into some similar event groups and then, after filtering noisy event clusters, the remained clusters are summarized based on an Attribute-Oriented Induction (AOI) method in a controllable manner to reduce the unimportant or duplicated events. The method has been evaluated on the three publicly available datasets: SotM34, Bryant, and LANL. The experimental results show that the method is efficient enough in event aggregation and can reduce events volume up to 99.7% with an acceptable level of information loss ratio (ILR).Keywords Security event management • Event aggregation • Advanced persistent threat • Intrusion kill chain • Heterogeneous event logs.

show abstract

Section: Common Stages Of Ikc Models Used In Apt Attacks (Regarding T...mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks

Ramaki,

Ghaemi-Bafghi,

Rasoolzadegan

2021

Preprint

View full text Add to dashboard Cite

show abstract

A layered security architecture based on cyber kill chain against advanced persistent threats

Cited by 1 publication

References 0 publications

Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks

Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks

Contact Info

Product

Resources

About