2019
DOI: 10.3390/s19184045

Cyber Situation Comprehension for IoT Systems based on APT Alerts and Logs Correlation

Abstract: With the emergence of Advanced Persistent Threat (APT) attacks, many Internet of Things (IoT) systems have faced large numbers of potential threats with the characteristics of concealment, permeability, and pertinence. However, existing methods and technologies cannot provide comprehensive and prompt recognition of latent APT attack activities in IoT systems. To address this problem, we propose an APT Alerts and Logs Correlation Method, named APTALCM, and a framework for deploying APTALCM on the IoT syst…

Cited by 18 publications (24 citation statements); references 16 publications.

Citation statements
“…For the sake of carrying on a detailed and objective evaluation of our proposed APT prediction method (APTPMFL), we implement a federated learning prototype on the system log data which are generated within the typical seven APT attack scenarios (Op-Clandestine Fox, Hacking Team, APT on Taiwan, Tibetan and HK, Op-Tropic Trooper, Russian Campaign, and Attack on Aerospace) [26].…”
Section: Experimental Evaluation (citation type: mentioning; confidence: 99%)
“…It is unfortunate that the appropriate system log dataset and attack alert dataset associated with typical APT attacks are not acquirable. However, our previous work [26] has accomplished the construction of the APT scenario and log instance correlation. Therefore, we adopt the labeled log instances and recognized APT scenarios generated in this work as simulated data to evaluate the effectiveness of APTPMFL.…”
Section: Datasets and Experimental Setup (citation type: mentioning; confidence: 99%)
“…The ATT&CK matrix was first proposed by MITRE in 2013. Through the summarization and analysis of real observational data and Advanced Persistent Threats (APT) [33], ATT&CK has gradually developed into a general language for describing attackers' behavior and a behavior analysis model for the entire life cycle of the attack chain. ATT&CK abstractly describes a framework composed of sequential network attack tactics, each of which covers abundant attack techniques.…”
Section: ATT&CK Matrix (citation type: mentioning; confidence: 99%)
“…With its huge market scale and broad industry application prospects, IoT has become a hot research field. With the continuous change of technology and the advent of 5G networks, the scale and complexity of the Internet of Things continue to increase; the complex network architecture of heterogeneous integration and interconnection of the Internet of Things is facing increasingly prominent security and efficiency issues [2], and data privacy has also become one of the most important issues in the Internet of Things [3]. The security of the Internet of Things has increasingly become a hot issue that people are concerned about today.…”
Section: Introduction (citation type: mentioning; confidence: 99%)