A Natural Language Processing Based Trend Analysis of Advanced Persistent Threat Techniques

Niakanlahiji, Amirreza; Wei, Jinpeng; Chu, Bill

doi:10.1109/bigdata.2018.8622255

Cited by 22 publications

(18 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…34 It is possible to take advantage of this approach in order to develop interception methods and defensive plans against offensives by attack teams funded by state actors for espionage or sabotage purposes. 35 ATT&CK contains 14 tactics and more than 500 techniques to counter the attacks of these groups. 37 Figure 1 shows which tactics and techniques are designed based on MITER.…”

Section: Discussionmentioning

confidence: 99%

Study of bypassing Microsoft Windows Security using the MITRE CALDERA Framework

Mohamed¹

2022

F1000Res

View full text Add to dashboard Cite

Background: Microsoft Windows Security is a recently implemented safeguard for the Windows operating systems, including the latest versions of Windows10 and 11. However, there is a major shortcoming in this system to stop Advanced Persistent Threat (APT). These are government-financed groups that are funded to attack other government entities. Following the initial security breach, the hacked Windows device is used to access the rest of the network devices in order to transfer data to external storage (Exfiltration). Methods: In this work, we have tested the Microsoft Windows Security system using MITRE CALDERA and ATT&CK frameworks and explain how APT groups are able to bypass Windows Security. Results: In this study we used "54ndc47" agent through GoLang feature in MITRE CALDERA platform to test and bypass Microsoft Windows Security systems (MS Windows 10). Through it, we were able to bypass the Windows Security system and display entire files in the victim's device. Conclusions: In this paper, we have provided recommendations to Microsoft to improve their Windows Security tool through the use of Artificial intelligence (AI).

show abstract

Section: Discussionmentioning

confidence: 99%

Study of bypassing Microsoft Windows Security using the MITRE CALDERA Framework

Mohamed¹

2022

F1000Res

View full text Add to dashboard Cite

show abstract

“…APTs use multiple attack techniques and tactics that are executed with stealth and are targeted specifically to achieve a defined goal, most often espionage, remaining inside the network for a long time [8] [18]. Attacks are typically carried out via communication channels such as email or instant messaging by masquerading as legitimate and trustworthy entities [19].…”

Section: A Apt Attack Methodologymentioning

confidence: 99%

“…APTs often rely on social engineering attack vectors namely spear-phishing and water-holing [7] [8]. In this respect, the human factor is a critical element in an organizational computer system, as it is a vulnerable link; the only factor that exercises initiative, and the factor that transcends all the other elements of the entire system [9].…”

Section: Introductionmentioning

confidence: 99%

Dimensions of ‘Socio’ Vulnerabilities of Advanced Persistent Threats

Nicho

McDermott

2019

2019 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)

View full text Add to dashboard Cite

Advanced Persistent Threats (APT) are highly targeted and sophisticated multi-stage attacks, utilizing zero day or near zero-day malware. Directed at internetworked computer users in the workplace, their growth and prevalence can be attributed to both socio (human) and technical (system weaknesses and inadequate cyber defenses) vulnerabilities. While many APT attacks incorporate a blend of socio-technical vulnerabilities, academic research and reported incidents largely depict the user as the prominent contributing factor that can weaken the layers of technical security in an organization. In this paper, our objective is to explore multiple dimensions of socio factors (non-technical vulnerabilities) that contribute to the success of APT attacks in organizations. Expert interviews were conducted with senior managers, working in government and private organizations in the United Arab Emirates (UAE) over a period of four years (2014 to 2017). Contrary to common belief that socio factors derive predominately from user behavior, our study revealed two new dimensions of socio vulnerabilities, namely the role of organizational management, and environmental factors which also contribute to the success of APT attacks. We show that the three dimensions postulated in this study can assist Managers and IT personnel in organizations to implement an appropriate mix of socio-technical countermeasures for APT threats.

show abstract

“…Since the data collected from these sources exist in natural language or a similar form, not in a standardized form, a method of extracting the context of information from this type of data is required. In [29][30][31][32][33], they propose methods to collect and analyze CTI data using natural language processing and semantic analysis techniques.…”

Section: State Of the Artmentioning

confidence: 99%

BLOCIS: Blockchain-Based Cyber Threat Intelligence Sharing Framework for Sybil-Resistance

Gong

Lee

2020

Electronics

View full text Add to dashboard Cite

The convergence of fifth-generation (5G) communication and the Internet-of-Things (IoT) has dramatically increased the diversity and complexity of the network. This change diversifies the attacker’s attack vectors, increasing the impact and damage of cyber threats. Cyber threat intelligence (CTI) technology is a proof-based security system which responds to these advanced cyber threats proactively by analyzing and sharing security-related data. However, the performance of CTI systems can be significantly compromised by creating and disseminating improper security policies if an attacker intentionally injects malicious data into the system. In this paper, we propose a blockchain-based CTI framework that improves confidence in the source and content of the data and can quickly detect and eliminate inaccurate data for resistance to a Sybil attack. The proposed framework collects CTI by a procedure validated through smart contracts and stores information about the metainformation of data in a blockchain network. The proposed system ensures the validity and reliability of CTI data by ensuring traceability to the data source and proposes a system model that can efficiently operate and manage CTI data in compliance with the de facto standard. We present the simulation results to prove the effectiveness and Sybil-resistance of the proposed framework in terms of reliability and cost to attackers.

show abstract

A Natural Language Processing Based Trend Analysis of Advanced Persistent Threat Techniques

Cited by 22 publications

References 4 publications

Study of bypassing Microsoft Windows Security using the MITRE CALDERA Framework

Study of bypassing Microsoft Windows Security using the MITRE CALDERA Framework

Dimensions of ‘Socio’ Vulnerabilities of Advanced Persistent Threats

BLOCIS: Blockchain-Based Cyber Threat Intelligence Sharing Framework for Sybil-Resistance

Contact Info

Product

Resources

About