Combating advanced persistent threats: From network event correlation to incident detection

Friedberg, Ivo; Skopik, Florian; Settanni, Giuseppe; Fiedler, Roman

doi:10.1016/j.cose.2014.09.006

Cited by 186 publications

(97 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Firmware-level malware checks are also becoming more important to mitigate the possibility of a sophisticated, and deeplyembedded attack. The concept of Advanced Persistent Threats, i.e., slow-moving and deliberate attacks applied to quietly compromise systems without revealing themselves [14], could be particularly relevant here. We highlight this given that there are increasing concerns about the ability of external parties to influence a country's elections [15].…”

Section: Procedural Security Componentsmentioning

confidence: 99%

An Assessment of the Security and Transparency Procedural Components of the Estonian Internet Voting System

Nurse

Agrafiotis

Erola

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The I-Voting system designed and implemented in Estonia is one of the first nationwide Internet voting systems. Since its creation, it has been met with praise but also with close scrutiny. Concerns regarding security breaches have focused on in-person election observations, code reviews and adversarial testing on system components. These concerns have led many to conclude that there are various ways in which insider threats and sophisticated external attacks may compromise the integrity of the system and thus the voting process. In this paper, we examine the procedural components of the I-Voting system, with an emphasis on the controls related to procedural security mechanisms, and on systemtransparency measures. Through an approach grounded in primary and secondary data sources, including interviews with key Estonian election personnel, we conduct an initial investigation into the extent to which the present controls mitigate the real security risks faced by the system. The experience and insight we present in this paper will be useful both in the context of the I-Voting system, and potentially more broadly in other voting systems.

show abstract

Section: Procedural Security Componentsmentioning

confidence: 99%

An Assessment of the Security and Transparency Procedural Components of the Estonian Internet Voting System

Nurse

Agrafiotis

Erola

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Unlike traditional attacks, APT attacks are not launched to interrupt services, but to steal intellectual property rights and sensitive data [2]. An APT attack has the stage and longevity characteristics and uncertain attack channel.…”

Section: Introductionmentioning

confidence: 99%

Constructing APT Attack Scenarios Based on Intrusion Kill Chain and Fuzzy Clustering

Zhang

Huo

Liu

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

The APT attack on the Internet is becoming more serious, and most of intrusion detection systems can only generate alarms to some steps of APT attack and cannot identify the pattern of the APT attack. To detect APT attack, many researchers established attack models and then correlated IDS logs with the attack models. However, the accuracy of detection deeply relied on the integrity of models. In this paper, we propose a new method to construct APT attack scenarios by mining IDS security logs. These APT attack scenarios can be further used for the APT detection. First, we classify all the attack events by purpose of phase of the intrusion kill chain. Then we add the attack event dimension to fuzzy clustering, correlate IDS alarm logs with fuzzy clustering, and generate the attack sequence set. Next, we delete the bug attack sequences to clean the set. Finally, we use the nonaftereffect property of probability transfer matrix to construct attack scenarios by mining the attack sequence set. Experiments show that the proposed method can construct the APT attack scenarios by mining IDS alarm logs, and the constructed scenarios match the actual situation so that they can be used for APT attack detection.

show abstract

“…System [5] provides a framework that seeks to generate a particular model depending on the scenario, and using dataset obtained by method proposed in [9]. Two datasets are stored on a stage with no attacks in order to develop the model, and a third set with artificial anomalies to train and evaluate its efficiency.…”

Section: Introductionmentioning

confidence: 99%

“…As the attackers are looking to remain persistent once inside the system, log analysis and identification of behavioral anomalies are usually the key for protecting an infrastructure [5]. This work proposes an intelligent system that generates predictive learning based models of behavior that help us detect anomalous activity that might be classified as APT.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Expert knowledge and data analysis for detecting advanced persistent threats

et al. 2017

View full text Add to dashboard Cite

Critical Infrastructures in public administration would be compromised by Advanced Persistent Threats (APT) which today constitute one of the most sophisticated ways of stealing information. This paper presents an effective, learning based tool that uses inductive techniques to analyze the information provided by firewall log files in an IT infrastructure, and detect suspicious activity in order to mark it as a potential APT. The experiments have been accomplished mixing real and synthetic data traffic to represent different proportions of normal and anomalous activity.

show abstract

Combating advanced persistent threats: From network event correlation to incident detection

Cited by 186 publications

References 26 publications

An Assessment of the Security and Transparency Procedural Components of the Estonian Internet Voting System

An Assessment of the Security and Transparency Procedural Components of the Estonian Internet Voting System

Constructing APT Attack Scenarios Based on Intrusion Kill Chain and Fuzzy Clustering

Expert knowledge and data analysis for detecting advanced persistent threats

Contact Info

Product

Resources

About