An Intelligence-Driven Security-Aware Defense Mechanism for Advanced Persistent Threats

Li, Yuqing; Dai, Wenkuan; Bai, Jie; Gan, Xiaoying; Wang, Jingchao; Wang, Xinbing

doi:10.1109/tifs.2018.2847671

Cited by 44 publications

(15 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Credential access [28] Pass hash [79,82,83,117,118] Man-in-the-middle [119] Password cracking [120] Eavesdropping [78,[80][81][82]85,87,97,105,107,111,[121][122][123] Social engineering Discovery [124] Probe [100,125] Lateral/Internal spear-phishing emails Lateral movement [108] Data leakage Collection Cloud data leakage [126] Removable device C&C and Exfiltration Tunneling over protocol [3,76,79,81,92,97,111,115,[124][125][126][127][128][129][130] DOS Impact [4,82,131] Botnet [108] Software update Data fabrication In this section, the findings and analysis of Research Question 1 related to APT features are presented. APT is a hard-to-detect cyber threat group or campaign that may use familiar attacks (such as spear phishing, watering hole, appl...…”

Section: Analysis and Findings Of Research Questionsmentioning

confidence: 99%

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Jabar

Singh

2022

Sensors

View full text Add to dashboard Cite

During the last several years, the Internet of Things (IoT), fog computing, computer security, and cyber-attacks have all grown rapidly on a large scale. Examples of IoT include mobile devices such as tablets and smartphones. Attacks can take place that impact the confidentiality, integrity, and availability (CIA) of the information. One attack that occurs is Advanced Persistent Threat (APT). Attackers can manipulate a device’s behavior, applications, and services. Such manipulations lead to signification of a deviation from a known behavioral baseline for smartphones. In this study, the authors present a Systematic Literature Review (SLR) to provide a survey of the existing literature on APT defense mechanisms, find research gaps, and recommend future directions. The scope of this SLR covers a detailed analysis of most cybersecurity defense mechanisms and cutting-edge solutions. In this research, 112 papers published from 2011 until 2022 were analyzed. This review has explored different approaches used in cybersecurity and their effectiveness in defending against APT attacks. In a conclusion, we recommended a Situational Awareness (SA) model known as Observe–Orient–Decide–Act (OODA) to provide a comprehensive solution to monitor the device’s behavior for APT mitigation.

show abstract

Section: Analysis and Findings Of Research Questionsmentioning

confidence: 99%

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Jabar

Singh

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…With the continuous improvement of network attack methods, traditional single‐point‐based detection schemes are challenging to cope with new types of attacks such as Stuxnet, Ocenalotus 1-3 . This mainly results from the limitation of intrusion detection data in a single point, which can not train an effective detection model.…”

Section: Introductionmentioning

confidence: 99%

Privacy‐preserving multisource transfer learning in intrusion detection system

Wang

et al. 2020

Trans Emerging Tel Tech

View full text Add to dashboard Cite

The increasing scale of the network and the demand for data privacy‐preserving have brought several challenges for existing intrusion detection schemes, which presents three issues: large computational overhead, long training period, and different feature distribution which leads low model performance. The emergence of transfer learning has solved the above problems. However, the existing transfer learning‐based schemes can only operate in plaintext when different domains and clouds are untrusted entities, the privacy during data processing cannot be preserved. Therefore, this paper designs a privacy‐preserving multi‐source transfer learning intrusion detection system (IDS). Firstly, we used the Paillier homomorphic to encrypt models which trained from different source domains and uploaded to the cloud. Then, based on privacy‐preserving scheme, we first proposed a multisource transfer learning IDS based on encrypted XGBoost (E‐XGBoost). The experimental results show that the proposed scheme can successfully transfer the encryption models from multiple source domains to the target domain, and the accuracy rate can reach 93.01% in ciphertext, with no significant decrease in detection performance compared with works in plaintext. The training time of the model is significantly reduced from the traditional hour‐level to the minute‐level.

show abstract

“…Its common methods are long-term access to the target, and this is a very normal behavior in the IoT. [4][5][6] During this period, they will record network structure, penetrate the target's system, reverse the ACL rules, erase related logs after completing the attack, or deploying "disk-wiping malware" to compromised systems to cover their tracks [7][8][9][10][11] APTs are prepared by professional experts who are organized and well-funded. They make today's security threats increasingly difficult to detect and prevent.…”

Section: Introductionmentioning

confidence: 99%

Advanced persistent threat organization identification based on software gene of malware

Chen¹,

Helu²,

Jin³

et al. 2020

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Since the concept of IoT (Internet of Things) was proposed, it has digitized the real world and has a wide range of applications. However, with tremendous evolution in data acquisition and transfer, a new type of attack represented by advanced persistent threat (APT) has attracted wide attention. APT organization identification for malware is a method to detect APT attacks. However, most of malware is tailored to the goal, it is complex and changeable, or can be updated very quickly. The traditional analysis method is difficult to obtain the source information of APT organization from the malware in the IoT. To this end, we propose a software genes method to solve this problem. Software gene is binary fragment of specific function or information in the software body. In this paper, different from traditional data flow and instruction flow, a new gene model is proposed which combine with knowledge graph of malware behavior. We fill the processed malware information into the gene model to obtain the APT organization gene pool. Of course, the gene pool should be optimized to include the genetic characteristics of APT. In theory, there genetic characteristics can help us identify malware and APT accurately in the IoT. However, biological genetic similarity algorithms cannot be used directly. A genetic similarity algorithm for APT organization identification of malware will be designed instead. Simulations on real-world dataset corroborate theoretical analysis and reveal the possibility of using genes for malware traceability.

show abstract

An Intelligence-Driven Security-Aware Defense Mechanism for Advanced Persistent Threats

Cited by 44 publications

References 26 publications

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Privacy‐preserving multisource transfer learning in intrusion detection system

Advanced persistent threat organization identification based on software gene of malware

Contact Info

Product

Resources

About