GroupTracer: Automatic Attacker TTP Profile Extraction and Group Cluster in Internet of Things

Wu, Yixin; Huang, Cheng; Zhang, Xing; Zhou, Hongyi

doi:10.1155/2020/8842539

Cited by 9 publications

(9 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Next, we will present the findings and analysis of the research questions. Watering hole [3,28,79,84,88,99,101,102] Malware [1,3,88,89,[102][103][104][105] Application repackaging [106] Attacks on an Internet-facing server [3,83,89,101] Removable device [3,89,107] Drive-by download [96] Spoofing attack [7,82,108] SQL injection Execution [3,5,82,84,[86][87][88]90,94,97,101,[109][110][111][112][113][114] Zero day, known vulnerability [79,101,115] Remote code execution/Code injection ...…”

Section: Analysis and Findings Of Research Questionsmentioning

confidence: 99%

See 1 more Smart Citation

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Jabar

Singh

2022

Sensors

View full text Add to dashboard Cite

During the last several years, the Internet of Things (IoT), fog computing, computer security, and cyber-attacks have all grown rapidly on a large scale. Examples of IoT include mobile devices such as tablets and smartphones. Attacks can take place that impact the confidentiality, integrity, and availability (CIA) of the information. One attack that occurs is Advanced Persistent Threat (APT). Attackers can manipulate a device’s behavior, applications, and services. Such manipulations lead to signification of a deviation from a known behavioral baseline for smartphones. In this study, the authors present a Systematic Literature Review (SLR) to provide a survey of the existing literature on APT defense mechanisms, find research gaps, and recommend future directions. The scope of this SLR covers a detailed analysis of most cybersecurity defense mechanisms and cutting-edge solutions. In this research, 112 papers published from 2011 until 2022 were analyzed. This review has explored different approaches used in cybersecurity and their effectiveness in defending against APT attacks. In a conclusion, we recommended a Situational Awareness (SA) model known as Observe–Orient–Decide–Act (OODA) to provide a comprehensive solution to monitor the device’s behavior for APT mitigation.

show abstract

Section: Analysis and Findings Of Research Questionsmentioning

confidence: 99%

“…Zero-day exploit-This attack takes advantage of an undiscovered software vulnerability for which no updates or fixes are available [3,5,82,84,[86][87][88]90,94,97,101,[109][110][111][112][113][114]; 2.…”

Section: Executionmentioning

confidence: 99%

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Jabar

Singh

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…Gao and Fan [10] used a graph database to analyze threat intelligence, indicated their properties and association relationship of industrial Internet security vulnerability data effectively and intuitively, and realized in-depth analysis and evaluation of vulnerability data. Wu et al [11] proposed group tracer to automatically extract the TTP curve, to dig out behind the complex attack and potential attackers through the combination of network attack behavior threat intelligence knowledge. Liu et al [12] analyzed the attack behavior events through threat intelligence and correlated the similar behavior according to the direction of the attack events to investigate the attack stage and protect it.…”

Section: Reat Intelligence Analysismentioning

confidence: 99%

A Threat Intelligence Analysis Method Based on Feature Weighting and BERT-BiGRU for Industrial Internet of Things

Yan

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

The combination of 5G technology and the industrial Internet of things (IIoT) makes it possible to realize the interconnection of all things. Still, it also increases the risk of attacks such as large-scale DDoS attacks and IP spoofing attacks. Threat intelligence is a collection of information causing potential and nonpotential harm to the industrial Internet. Extracting network security entities and their relationships from threat intelligence text and constructing structured threat intelligence information are particularly important for IIoT security protection. However, threat intelligence is mostly text reports, which means the value information needs to be extracted manually by security analysts, and it is highly dependent on personnel experience. Therefore, this study proposes an IIoT threat intelligence analysis method based on feature weighting and BERT-BiGRU. In this method, BERT-BiGRU is used to classify attack behavior and attack strategy. Then, the attack behavior is weighted to make the classified result more accurate according to the relationship between attack strategy and attack behavior in ATT&CK for ICS knowledge. Finally, the possibility of attack and the harm degree of attack are calculated to form the threat value of the attack. The security analysts can judge the emergency response sequence by the threat value to improve the accuracy and efficiency of emergency response. The results indicate that the proposed method in this study is more accurate than the other standard methods and is more suitable for the unstructured threat intelligence analysis of IIoT.

show abstract

Section: Related Workmentioning

confidence: 99%

“…How to detect and respond to APT attacks has become increasingly important for the IoT security since IoT devices are inherently risky and easy to exploit while being heavily exposed to the Internet. 22 As exposed by Drovorub, APT28 hacked at least 500,000 IoT devices, such as routers, video decoders and printers. 4 APT28 attackers usually use phishing emails to carry out attacks and then use botnets to control IoT devices.…”

Section: Aptmentioning

confidence: 99%

Exploring the vulnerability in the inference phase of advanced persistent threats

Guo

et al. 2022

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

In recent years, the Internet of Things has been widely used in modern life. Advanced persistent threats are long-term network attacks on specific targets with attackers using advanced attack methods. The Internet of Things targets have also been threatened by advanced persistent threats with the widespread application of Internet of Things. The Internet of Things device such as sensors is weaker than host in security. In the field of advanced persistent threat detection, most works used machine learning methods whether host-based detection or network-based detection. However, models using machine learning methods lack robustness because it can be attacked easily by adversarial examples. In this article, we summarize the characteristics of advanced persistent threats traffic and propose the algorithm to make adversarial examples for the advanced persistent threat detection model. We first train advanced persistent threat detection models using different machine learning methods, among which the highest F1-score is 0.9791. Then, we use the algorithm proposed to grey-box attack one of models and the detection success rate of the model drop from 98.52% to 1.47%. We prove that advanced persistent threats adversarial examples are transitive and we successfully black-box attack other models according to this. The detection success rate of the attacked model with the best attacked effect dropped from 98.66% to 0.13%.

show abstract

GroupTracer: Automatic Attacker TTP Profile Extraction and Group Cluster in Internet of Things

Cited by 9 publications

References 20 publications

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

A Threat Intelligence Analysis Method Based on Feature Weighting and BERT-BiGRU for Industrial Internet of Things

Exploring the vulnerability in the inference phase of advanced persistent threats

Contact Info

Product

Resources

About