Targeted Cyber Attacks - A Superset of Advanced Persistent Threats

Sood, Aditya; Enbody, Richard

doi:10.1109/msp.2012.90

Cited by 96 publications

(93 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For example, spearfishing and [67] malicious websites are common approaches to delivering a malicious payload to a target system [94,134]. RATs embedded in a Trojan horse are then often used to take control of a machine.…”

Section: Modeling Advanced Persistent Threatsmentioning

confidence: 99%

“…RATs embedded in a Trojan horse are then often used to take control of a machine. In addition, targeted attacks reportedly employ zero-day vulnerabilities [18,134].…”

Section: Modeling Advanced Persistent Threatsmentioning

confidence: 99%

“…The prime example, Stuxnet, which targeted programmable logic controllers (PLCs) of sensitive industrial systems, was active for at least 3 years until discovery. It utilized four zero-day exploits to achieve its ultimate goal [134]. According to a Symantec study [47], Stuxnet infected close to 100,000 systems across 115 countries.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Semantics-aware detection of targeted attacks: a survey

Luh

Marschalek

Kaiser

et al. 2016

J Comput Virol Hack Tech

View full text Add to dashboard Cite

In today's interconnected digital world, targeted attacks have become a serious threat to conventional computer systems and critical infrastructure alike. Many researchers contribute to the fight against network intrusions or malicious software by proposing novel detection systems or analysis methods. However, few of these solutions have a particular focus on Advanced Persistent Threats or similarly sophisticated multi-stage attacks. This turns finding domainappropriate methodologies or developing new approaches into a major research challenge. To overcome these obstacles, we present a structured review of semantics-aware works that have a high potential for contributing to the analysis or detection of targeted attacks. We introduce a detailed literature evaluation schema in addition to a highly granular model for article categorization. Out of 123 identified papers, 60 were found to be relevant in the context of this study. The selected articles are comprehensively reviewed and assessed in accordance to Kitchenham's guidelines for systematic literature reviews. In conclusion, we combine new insights and the status quo of current research into the concept of an ideal systemic approach capable of semantically processing and evaluating information from different observation points.

show abstract

Section: Modeling Advanced Persistent Threatsmentioning

confidence: 99%

“…RATs embedded in a Trojan horse are then often used to take control of a machine. In addition, targeted attacks reportedly employ zero-day vulnerabilities [18,134].…”

Section: Modeling Advanced Persistent Threatsmentioning

confidence: 99%

See 1 more Smart Citation

Semantics-aware detection of targeted attacks: a survey

Luh

Marschalek

Kaiser

et al. 2016

J Comput Virol Hack Tech

View full text Add to dashboard Cite

show abstract

“…This is problematic especially since defensive measures offered by security vendors typically employ the same signature-based detection approaches that have been used for years. The major drawback of these systems is that the binary patterns required for detection are unlikely to exist at the time of attack, since most APTs are tailored to one specific target and often utilize zero-day exploits [7,48]. In addition, meta-and polymorphic techniques, as well as packers and encryption routines may throw off signature-based systems while the multi-stage nature of APTs makes it generally difficult to interpret findings without additional context [18].…”

Section: Introductionmentioning

confidence: 99%

SEQUIN: a grammar inference framework for analyzing malicious system behavior

Luh

Schramm

Wagner

et al. 2018

J Comput Virol Hack Tech

View full text Add to dashboard Cite

Targeted attacks on IT systems are a rising threat to the confidentiality of sensitive data and the availability of critical systems. The emergence of Advanced Persistent Threats (APTs) made it paramount to fully understand the particulars of such attacks in order to improve or devise effective defense mechanisms. Grammar inference paired with visual analytics (VA) techniques offers a powerful foundation for the automated extraction of behavioral patterns from sequential event traces. To facilitate the interpretation and analysis of APTs, we present SEQUIN, a grammar inference system based on the Sequitur compression algorithm that constructs a context-free grammar (CFG) from string-based input data. In addition to recursive rule extraction, we expanded the procedure through automated assessment routines capable of dealing with multiple input sources and types. This automated assessment enables the accurate identification of interesting frequent or anomalous patterns in sequential corpora of arbitrary quantity and origin. On the formal side, we extended the CFG with attributes that help describe the extracted (malicious) actions. Discovery-focused pattern visualization of the output is provided by our dedicated KAMAS VA prototype.

show abstract

“…In addition, it is unnecessary for these removed nodes and edges to be adjacent. But, by analyzing kill chain attack mode [16,17], we find that nowadays attacks often follow two steps: to intrude nodes and to destroy nodes. In the first step, the attackers will invade a network node by implanting the virus program into it, but they won't immediately destroy the node after that.…”

Section: Introductionmentioning

confidence: 99%

Vulnerability of Complex Networks under Approximate Longest Chain Attack Strategies

Hao¹,

Song²,

Lin³

et al. 2016

ITM Web Conf.

View full text Add to dashboard Cite

Abstract. We proposed three approximate longest chain-attack strategies and studied the vulnerability of complex networks under these intentional attack strategies. Experimental results indicate that when random network and small-world network are under any one of the three chain-attacks, the larger the is, the smaller the iterative step T is. However, scale-free network shows different characteristics: the larger the is, the larger the T is. These findings supplement and extend the previous attack results on nodes and edges, and can thus help us better explain the vulnerability of different complex networks.

show abstract

Targeted Cyber Attacks - A Superset of Advanced Persistent Threats

Cited by 96 publications

References 3 publications

Semantics-aware detection of targeted attacks: a survey

Semantics-aware detection of targeted attacks: a survey

SEQUIN: a grammar inference framework for analyzing malicious system behavior

Vulnerability of Complex Networks under Approximate Longest Chain Attack Strategies

Contact Info

Product

Resources

About