Advanced Persistent Threat: New analysis driven by life cycle phases and their challenges

Messaoud, Brahim I D; Guennoun, Karim; Wahbi, Mohamed; Sadik, Mohamed

doi:10.1109/acosis.2016.7843932

Cited by 25 publications

(17 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attack can also use more than one attack vectors simultaneously. [1][2][3][4][5][6][7][8][9][10] Another weakness that help attackers is the fact that 100% secure systems does not exist. Even well designed and protected systems and networks have their weak spots [8].…”

Section: Apt Attackmentioning

confidence: 99%

“…The term "kill chain" originates from military concept and it was adopted to information security as "Cyber Kill Chain" by Lockheed Martin. This commonly used kill chain describes seven stages for an attack, which are i) Reconnaissance, ii) Weaponization, iii) Delivery, iv) Exploitation, v) Installation, vi) Command and Control and vii) Actions on Objective [1,2,7]. Few other similar kill chain definitions to mention are: i) LogRhythm, ii) Lancaster, iii) SDAPT and iv) BSI -model [7].…”

Section: Kill Chainmentioning

confidence: 99%

“…This commonly used kill chain describes seven stages for an attack, which are i) Reconnaissance, ii) Weaponization, iii) Delivery, iv) Exploitation, v) Installation, vi) Command and Control and vii) Actions on Objective [1,2,7]. Few other similar kill chain definitions to mention are: i) LogRhythm, ii) Lancaster, iii) SDAPT and iv) BSI -model [7]. However, these models are practically mechanical execution flows and they do not take into account how sophisticated the attack may be or the fact that attack developers do not have any obligations to follow the phases described in models.…”

Section: Kill Chainmentioning

confidence: 99%

“…To support this argument, for example Stuxnet has a mechanism to autonomously execute several tasks without command and control (phase vi) and thus it is not following the kill chain execution order. Therefore, the authors proposed a new model which is based on six phases, where kill chain phases are combined and considered from attackers intention [7]. Bhatt et al proposed framework for detecting APT's and improvements to kill chain in their paper.…”

Section: Kill Chainmentioning

confidence: 99%

See 3 more Smart Citations

A Novel Method for Detecting APT Attacks by Using OODA Loop and Black Swan Theory

Bodström

Hämäläinen

2018

Computational Data and Social Networks

View full text Add to dashboard Cite

Advanced Persistent Threat(APT) attacks are a major concern for the modern societal digital infrastructures due to their highly sophisticated nature. The purpose of these attacks varies from long period espionage in high level environment to causing maximal destruction for targeted cyber environment. Attackers are skilful and well funded by governments in many cases. Due to sophisticated methods it is highly important to study proper countermeasures to detect these attacks as early as possible. Current detection methods under-performs causing situations where an attack can continue months or even years in a targeted environment. We propose a novel method for analysing APT attacks through OODA loop and Black Swan theory by defining them as a multivector multi-stage attacks with continuous strategical ongoing campaign. Additionally it is important to notice that for developing better performing detection methods, we have to find the most common factor within these attacks. We can state that the most common factor of APT attacks is communication, thus environment has to be developed in a way that we are able to capture complete network flow and analyse it.

show abstract

Section: Apt Attackmentioning

confidence: 99%

Section: Kill Chainmentioning

confidence: 99%

Section: Kill Chainmentioning

confidence: 99%

Section: Kill Chainmentioning

confidence: 99%

See 2 more Smart Citations

A Novel Method for Detecting APT Attacks by Using OODA Loop and Black Swan Theory

Bodström

Hämäläinen

2018

Computational Data and Social Networks

View full text Add to dashboard Cite

show abstract

“…Recently, the APT (Advanced Persistent Threat) [2], attack is targeting IT network and allows an unauthorized person to gain access to a corporate LAN and stay there undetected for a long period. The intention of the APT attack is mainly to steal corporate information rather than to cause physical damage to equipment.…”

Section: Introductionmentioning

confidence: 99%

Safety and Security Integration for the Production Industry Under the Resilience Matrix

Davaadorj

Koshijima

2017

WIT Transactions on the Built Environment

View full text Add to dashboard Cite

Plant Owners must protect a legal requirement that specifies the occupational health and system safety of people in the workplace. Furthermore, it is essential to continue to maintain a safer production site together. Industrial control systems (ICS) are connected to the internet for purposes such as information exchange and data analysis for business-oriented operations and labour saving remote maintenance. ICS is also subject to cyber-attacks as a result of using commercial IT equipment, PC, OS to connect to the internet. In this situation, each manufacturer is charged to identify hazards related to the cybersecurity as well as the employee's safety. The term "Cyber-Security" in the production field refers to the risk created by cyber-attacks to the ICS. There is a practical need to adopt global standards for safety and security systematically as a baseline for protecting production environment. Before integrating safety and security standards simultaneously, it is necessary to analyze both specified processes shown, in the clauses of the standard documents. In this paper, the authors would like to discuss a method for implementing IEC 62443 (internationally applied standard for the Owner and operation industrial management security) systematically to integrate into the corporate's safety protection profile specified by OHSAS: 18001.

show abstract

Digital Forensic Acquisition Kill Chain – Analysis and Demonstration

Alendal¹,

Dyrkolbotn²,

Axelsson³

2021

Advances in Digital Forensics XVII

View full text Add to dashboard Cite

The increasing complexity and security of consumer products pose major challenges to digital forensics. Gaining access to encrypted user data without user credentials is a very difficult task. Such a situation may require law enforcement to leverage offensive techniques -such as vulnerability exploitation -to bypass security measures in order to retrieve data in digital forensic investigations.This chapter proposes a digital forensic acquisition kill chain to assist law enforcement in acquiring forensic data using offensive techniques. The concept is discussed and examples are provided to illustrate the various kill chain phases. The anticipated results of applying the kill chain include improvements in performance and success rates in shortterm, case-motivated, digital forensic acquisition scenarios as well as long-term, case-independent planning and research efforts focused on identifying vulnerabilities and leveraging them in digital forensic acquisition methods and tools.

show abstract

Advanced Persistent Threat: New analysis driven by life cycle phases and their challenges

Cited by 25 publications

References 7 publications

A Novel Method for Detecting APT Attacks by Using OODA Loop and Black Swan Theory

A Novel Method for Detecting APT Attacks by Using OODA Loop and Black Swan Theory

Safety and Security Integration for the Production Industry Under the Resilience Matrix

Digital Forensic Acquisition Kill Chain – Analysis and Demonstration

Contact Info

Product

Resources

About