Published in: Cluster Computing, Special Issue 3/2019

31.10.2017

A temporal correlation and traffic analysis approach for APT attacks detection

Authors: Jiazhong Lu, Kai Chen, Zhongliu Zhuo, XiaoSong Zhang


Abstract

Advanced persistent threat (APT for short) is an emerging class of attack on the Internet. Such attacks leave their footprints dispersed across time and across many different types of traffic on victim machines. Existing traffic analysis systems, however, typically examine only a single type of traffic for evidence of an attack and therefore fail to exploit the fundamental connections between traffic types. The output of such single-traffic analysis can hardly reconstruct the complete story of a complex, multi-stage APT attack. In addition, some existing approaches require heavyweight system instrumentation, which makes them impractical to deploy in real production environments. To address these problems, we present an automated temporal correlation traffic detection system (ATCTDS). Inspired by anomaly traffic analytics research in big data network analysis, we model multi-type traffic analysis as a detection problem. Our evaluation on a dataset of 36 well-known APT attacks demonstrates that our system can detect attack behaviors from a spectrum of cyber attacks that involve multiple traffic types with high accuracy and low false positive rates.
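The abstract's central point is that a per-traffic-type analyser sees only one footprint at a time, while the attack story only emerges when footprints of different types on the same host are correlated within a time window. The Python below is an added illustration of that idea and is not the paper's ATCTDS implementation, which this page does not describe beyond the abstract. It takes constructed alerts from hypothetical single-type analysers (DNS, HTTP, SMB), groups them per host, and flags a host only when several distinct traffic types fire inside one sliding window; the event schema, the traffic-type names, the one-hour window and the three-type threshold are all assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One alert emitted by a single-type traffic analyser (assumed schema)."""
    ts: float    # seconds since start of the capture
    host: str    # internal host the traffic belongs to
    kind: str    # traffic type the analyser looked at: "dns", "http", "smb"
    note: str    # what that analyser found suspicious


# Constructed sample alerts, not real capture data. Each line is what a
# single-type analyser would report on its own, with no knowledge of the others.
EVENTS = [
    Event(100.0,   "10.0.0.5", "dns",  "long high-entropy subdomain labels"),
    Event(900.0,   "10.0.0.5", "http", "fixed-interval POSTs to one external IP"),
    Event(2500.0,  "10.0.0.5", "smb",  "admin-share access to 12 internal hosts"),
    Event(100.0,   "10.0.0.7", "dns",  "NXDOMAIN burst"),
    Event(200.0,   "10.0.0.7", "http", "large upload to rare domain"),
    Event(300.0,   "10.0.0.7", "dns",  "NXDOMAIN burst"),
    Event(0.0,     "10.0.0.9", "dns",  "long high-entropy subdomain labels"),
    Event(5000.0,  "10.0.0.9", "http", "fixed-interval POSTs to one external IP"),
    Event(10000.0, "10.0.0.9", "smb",  "admin-share access to 12 internal hosts"),
]


def correlate(events, window=3600.0, min_types=3):
    """Flag hosts where at least `min_types` distinct traffic types raised
    alerts within `window` seconds of each other.

    Returns {host: [events in time order]} holding, per flagged host, the
    window with the most distinct traffic types. Repeated alerts of the same
    type do not count twice, so a host that only ever trips one or two
    analysers is never flagged, however noisy it is.
    """
    by_host = defaultdict(list)
    for e in events:
        by_host[e.host].append(e)

    findings = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        best = []
        i = 0  # left edge of the sliding window
        for j in range(len(evs)):
            # Advance the left edge until the window fits inside `window` seconds.
            while evs[j].ts - evs[i].ts > window:
                i += 1
            chain = evs[i:j + 1]
            kinds = {e.kind for e in chain}
            if len(kinds) >= min_types and len(kinds) > len({e.kind for e in best}):
                best = chain
        if best:
            findings[host] = best
    return findings


def story(findings):
    """Render each flagged host's chain as a one-line, time-ordered narrative."""
    return {
        host: " -> ".join(f"{e.kind}@{int(e.ts)}s ({e.note})" for e in chain)
        for host, chain in findings.items()
    }


if __name__ == "__main__":
    for host, line in story(correlate(EVENTS)).items():
        print(host, ":", line)
```

With the default one-hour window only 10.0.0.5 is flagged: its DNS, HTTP and SMB alerts fall within 2400 seconds of each other. 10.0.0.7 trips two analysers repeatedly but never a third, and 10.0.0.9 shows the same three footprints as 10.0.0.5 but spread over nearly three hours, so the temporal constraint suppresses it; widening the window surfaces it, which is the trade-off the window parameter controls.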


Metadata
Title
A temporal correlation and traffic analysis approach for APT attacks detection
Authors
Jiazhong Lu
Kai Chen
Zhongliu Zhuo
XiaoSong Zhang
Publication date
31.10.2017
Publisher
Springer US
Published in
Cluster Computing / Special Issue 3/2019
Print ISSN: 1386-7857
Electronic ISSN: 1573-7543
DOI
https://doi.org/10.1007/s10586-017-1256-y
