Top

The Journal of Supercomputing

Published in:

07-09-2016

A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions

Authors: Saurabh Singh, Pradip Kumar Sharma, Seo Yeon Moon, Daesung Moon, Jong Hyuk Park

Published in: The Journal of Supercomputing | Issue 8/2019

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Recently in the connected digital world, targeted attack has become one of the most serious threats to conventional computing systems. Advanced persistent threat (APT) is currently one of the most important threats considering the information security concept. APT persistently collects data from a specific target by exploiting vulnerabilities using diverse attack techniques. Many researchers have contributed to find approaches and solutions to fight against network intrusion and malicious software. However, only a few of these solutions are particularly focused on APT. In this paper, we introduce a structured study on semantic-aware work to find potential contributions that analyze and detect APT in details. We propose modeling phase that discusses the typical steps in APT attacks to collect the desired information by attackers. Our research explores social network and web infrastructure exploitation as well as communication protocols and much more for future networks and communications. The paper also includes some recent Zero-day attacks, use case scenarios and cyber trends in southeastern countries. To overcome these challenges and attacks, we introduce a detailed comprehensive literature evaluation scheme that classifies and provides countermeasures of APT attack behavior. Furthermore, we discuss future research direction of APT defense framework of next-generation threat life cycle.

previous article Lightweight mutual authentication RFID protocol for secure multi-tag simultaneous authentication in ubiquitous environments

next article DADE: a fast data anomaly detection engine for kernel integrity monitoring

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Chen P, Desmet L, Huygens C (2014) A study on advanced persistent threats. In: ifip International Conference on Communications and Multimedia Security, pp 63–72

Jeun I, Lee Y, Won D (2012) A practical study on advanced persistent threats. Computer applications for security, control and system engineering. Springer, Berlin, Heidelberg, pp 144–152

Moon D, Im H, Lee JD, Jong Park H (2014) MLDS: multi-layer defense system for preventing advanced persistent threats. Symmetry 6(4):997–1010CrossRef

Tankard C (2011) Advanced persistent threats and how to monitor and deter them. Netw Secur 8:16–19CrossRef

Sood AK, Enbody RJ (2013) Targeted cyberattacks: a superset of advanced persistent threats. IEEE Secur Priv 11(1):54–61

Friedberg I, Skopik F, Settanni G, Fiedler R (2015) Combating advanced persistent threats: from network event correlation to incident detection. Comput Secur 48:35–57CrossRef

Ask M, Bondarenko P, Rekdal JE, Nordbø A, Bloemerus P, Piatkivskyi D (2013) Advanced persistent threat (apt) beyond the hype. Project report in IMT4582 Networn security at Gjovin University College. Springer. https://andynor.net/static/fileupload/434/S2_NetwSec_Advanced_Persistent_Threat.pdf. Accessed 11 May 2016

Bodmer S, Kilger M, Carpenter G, Jones J (2012) Reverse deception: organized cyber threat counter-exploitation. McGraw Hill Education. https://www.mhprofessional.com/details.php?isbn=0071772499. Accessed 24 June 2016

Bilge L, Dumitras T (2012) Before we knew it: an empirical study of zero-day attacks in the real world. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security. ACM, pp 833–844

10.

Zetter K (2011) How digital detectives deciphered Stuxnet, the most menacing malware in history. Wired Mag 11:1–8

11.

Falliere N, Murchu L, Chien E (2015) W32.Stuxnet.Dossier. https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier. Accessed 10 May 2016

12.

Mustafa T (2013) Malicious data leak prevention and purposeful evasion attacks: an approach to advanced persistent threat (APT) management. In: Electronics, Communications and Photonics Conference (SIECPC), Saudi International. IEEE, pp 1–5

13.

Information-technology Promotion Agency, Design and Operational Guide to Cope with advanced persistent threats. Japan (IPA) (2011). https://www.ipa.go.jp/security/english/third.html. Accessed 25 Apr 2016

14.

Smith AM, Toppel NY (2009) Case study: using security awareness to combat the advanced persistent threat. In: 13th Colloquium for Information Systems Security Education, pp 64–70

15.

Hoglund G (2009) Advanced persistent threat, what APT means to your enterprise. http://www.issa-sac.org/info_resources/ISSA_20100219_HBGary_Advanced_Persistent_Threat.pdf. Accessed 22 Mar 2016

16.

Dixon CJ, Pinckney T (2013) Indicating website reputations based on website handling of personal information. US Patent no. US 2006/0253583 A1

17.

Bhatti AT (2015) Integrated analysis on case study of steve gibson ddos attack may 4th, 2001: performance of testing tools and in the context of business. Int J Res Comput Appl Robot 3(7):8–12

18.

Cova M, Kruegel C, Vigna G (2012) Detection and analysis of drive-by-download attacks and malicious JavaScript code. In: Proc. 19th Int’l Conf. World Wide Web, ACM

19.

Sood AK, Enbody RJ (2011) Browser exploit packs death by bundled exploits. In: Proc. 21st Virus Bulletin Conf

20.

Spear-Phishing, watering hole and drive-by attacks: the new normal. Invincea, Inc. https://www.invincea.com/wp-content/uploads/2013/10/Invincea-spear-phishing-watering-holedrive-by-whitepaper-2013.pdf. Accessed 20 June 2016

21.

Kim CH, Kim S, Kim JB (2016) A study of agent system model for response to spear-phishing. Int Inf Inst Tokyo Inf 19(1):263

22.

Branco R (2011) Into the darkness: dissecting targeted attacks. Qualys Blog. https://blog.qualys.com/securitylabs/2011/11/30/dissecting-targeted-attacks. Accessed 16 July 2016

23.

Appelt D, Nguyen CD, Briand LC, Alshahwan N (2014) Automated testing for SQL injection vulnerabilities: an input mutation approach. In: Proceedings of the 2014 International Symposium on Software Testing and Analysis. ACM, pp 259–269

24.

Huang W, Hsiao C, Lin N (2011) Mass meshing injection: Sidename.js (now cssminibar.js) ongoing. Armorize Malware Blog. http://blog.armorize.com/2011/06/mass-meshing-injectionsidenamejs.html. Accessed 14 June 2016

25.

Huang W, Hsiao C, Lin N (2011) Malvertising on google doubleclick ongoing. Armorize Malware Blog. http://blog.armorize.com/2011/08/k985ytvhtm-fake-antivirus-mass.html. Accessed 26 July 2016

26.

Zhang YL, Xia GS (2013) The SSL MIMT attack with DNS spoofing. In: Applied Mechanics and Materials, vol. 385. Trans Tech Publications, pp 1647–1650

27.

Wang Z (2014) POSTER: on the capability of DNS cache poisoning attacks. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, pp 1523–1525

28.

Yuan L, Chen CC, Mohapatra P, Chuah CN, Kant K (2013) A proxy view of quality of domain name service, poisoning attacks and survival strategies. ACM Trans Internet Technol (TOIT) 12(3):9CrossRef

29.

Yamada A, Kim THJ, Perrig A (2012) Exploiting privacy policy conflicts in online social networks. Technical Report: CMU-CyLab-12-005, Carnegie Mellon University

30.

Balduzzi et al M (2012) A security analysis of Amazon’s elastic compute cloud service. In: Proc. 27th Ann. ACM Symp. Applied Computing, ACM

31.

Ferrie P, Szor P (2004) Cabirn fever. Virus Bulletin Magazine

32.

Stavrou A, Wang Z (2011) Exploiting smart-phone USB connectivity for fun and profit. In: BlackHat DC Conf

33.

Rutkowska J (2009) Thoughts about trusted computing. In: EuSecWest Conf

34.

Wang L, Jajodia S, Singhal A, Cheng P, Noel S (2014) k-zero day safety A network security metric for measuring the risk of unknown vulnerabilities. IEEE Trans Dependable Secure Comput 11(1):30–44CrossRef

35.

Recent Zero-day exploits and vulnerabilities. https://www.fireeye.com/current-threats/recent-zero-day-attacks.html. Accessed 13 June 2016

36.

What is a zero-day vulnerability? http://www.pctools.com/security-news/zero-day-vulnerability/. Accessed 6 July 2016

37.

https://en.wikipedia.org/wiki/Zero-day_(computing). Accessed 15 May 2016

38.

Choi J, Choi C, Lynn HM, Kim P (2015) Ontology based APT attack behavior analysis in cloud computing. In: 2015 10th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA), pp 375–379

39.

James PF, Rohozinski R (2011) Stuxnet and the future of cyber war. Surv Glob Polit Strat 53(1):23–40

40.

Karnouskos S (2011) Stuxnet worm impact on industrial cyber-physical system security. In: 37th Annual Conference on IEEE Industrial Electronics Society, pp 4490–4494

41.

Langner R (2011) Stuxnet: dissecting a cyber warfare weapon. IEEE Secur Priv 9(3):49–51CrossRef

42.

Falliere N, Murchu LO, Chien E (2011) W32.Stuxnet Dossier, Symantec security response, Version 1.4

43.

Parmar B (2012) Protecting against spear-phishing. Comput Fraud Secur 2012(1):8–11CrossRef

44.

Caputo DD, Pfleeger SL, Freeman JD, Johnson ME (2014) Going spear phishing: exploring embedded training and awareness. IEEE Secur Priv 12(1):28–38CrossRef

45.

Faisal Mohammad, Ibrahim Mohammad (2012) STUXNET, DUQU and beyond. Int J Sci Eng Investig 1(2):75–78

46.

Bencsáth B, Pék G, Buttyán L, Félegyházi M (2012) The cousins of Stuxnet: Duqu, Flame, and Gauss. Future Internet 4(4):972–1003CrossRef

47.

Chen P, Desmet L, Huygens C (2014) A study on advanced persistent threats. Commun Multimed Secur 8735:63–72

48.

http://www.enterpriseitnews.com.my/malaysia-organizations-more-likely-to-be-targeted-with-cyber-attacks-fireeye-report/3.4ref. Accessed 10 June 2016

49.

https://www.fireeye.com/current-threats/annual-threat-report.html3.4ref. Accessed 19 June 2016

50.

http://www.computerweekly.com/news/4500260196/Cyber-attacks-an-increasing-concern-for-Asean-countries. Accessed 10 May 2016

51.

http://www.computerweekly.com/news/4500260196/Cyber-attacks-an-increasing-concern-for-Asean-countries. Accessed 5 July 2016

52.

Davis J, Clarck A (2011) Data preprocessing for anomaly based network intrusion detection: a review. Comput Secur 30:353–375CrossRef

53.

Kai HM, Liu XJ, Liu YF, Zhou L (2011) Reducing false negatives in intelligent intrusion detection decision response system. Appl Mech Mater 128:676–681CrossRef

54.

Sommer R, Paxson V (2010) Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy, Oakland

55.

Zhou C, Leckie C, Karunasekera S (2010) A survey of coordinated attacks an collaborative intrusion detection. Comput Secur 29:124–140CrossRef

56.

Sperotto A, Schaffrath G, Sadre R, Morariu C, Pras A, Stiller B (2010) An overview of IP flow-based intrusion detection. IEEE Commun Surv Tutor 12(3):343–356. doi:10.1109/SURV.2010.032210.00054 CrossRef

57.

Trammell B, Claise B (2015) Specification of the IP flow information export (IPFIX) protocol for the exchange of flow information. https://tools.ietf.org/html/rfc7011. Accessed 29 July 2015

58.

Cisco: Cisco IOS NetFlow. http://cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow/index.html. Accessed 29 July 2015

59.

University of California: KDD Cup 1999 Data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed 29 July 2015

60.

MIT Lincoln Laboratory: DARPA Intrusion Detection Evaluation. http://www.ll.mit.edu/ideval/data/. Accessed 29 July 2015

61.

Julisch K, Kruegel C (2005) Detection of intrusions and malware, and vulnerability assessment. In: Proceedings of 2nd International Conference, DIMVA Vienna, Austria, July 7–8. Springer, New York

62.

Abdoli F, Kahani, M (2009) Ontology-based distributed intrusion detection system. In: Computer Conference, 2009. CSICC 2009,14th International CSI. IEEE, pp 65–70

63.

W3C: Semantic web. http://www.w3.org/standards/semanticweb/. Accessed 29 July 2015

64.

Chiang HS, Tsaur WJ (2009) Ontology-based mobile malware behavioral analysis. Da-Yeh University, Changhua

65.

Huang HD, Chuang TY, Tsai YL, Lee CS (2010) Ontology-based intelligent system for malware behavioral analysis. In: Fuzzy Systems (FUZZ), IEEE International Conference on, pp 1–6

66.

W3C: SPARQL 1.1 Overview. http://www.w3.org/TR/sparql11-overview/. Accessed 29 July 2015

67.

Stanford Center for Biomedical Informatics Research: Protégé. http://protege.stanford.edu/. Accessed 29 July 2015

68.

Apache Software Foundation: Apache JENA. https://jena.apache.org/. Accessed 27 July 2015

69.

Christodorescu M, Jha S, Seshia S, Song D, Bryant RE (2005) others: Semantics-aware malware detection. In: Security and Privacy, IEEE Symposium, pp 32–46

70.

Scheirer W, Chuah MC (2008) Syntax vs. semantics: competing approaches to dynamic network intrusion detection. Int J Secure Netw 3(1):24–35CrossRef

71.

Hirono S, Yamaguchi Y, Shimada H, Takakura H (2014) Development of a secure traffic analysis system to trace malicious activities on internal networks. In: Proceeding of IEEE 38th Annual Conference on Computer Software and Applications Conference (COMPSAC). IEEE, pp 305–310

72.

Cortes C, Vapnik V (1995) Support-vector networks. Mach Learn 20(3):273–297MATH

73.

Andersson S, Clark A, Mohay G, Schatz B, Zimmermann J (2005) A framework for detecting network-based code injection attacks targeting Windows and UNIX. In: Computer Security Applications Conference, 21st Annual, p 10

74.

Chien SH, Chang EH, Yu CY, Ho CS (2007) Attack sub plan based attack scenario correlation. Int Conf Mach Learn Cybern 4:1881–1887CrossRef

75.

Cisco: Snort.Org. https://www.snort.org/. Accessed 10 Jan 2015

76.

Zhu B, Ghorbani AA (2005) Alert correlation for extracting attack strategies. Ph.D. thesis, Citeseer

77.

AlEroud A, Karabatis G (2013) A system for cyber attack detection using contextual semantics. In: 7th International Conference on Knowledge Management in Organizations: Service and Cloud Computing. Springer, New York, pp 431–442

78.

He P, Karabatis G (2012) Using semantic networks to counter cyber threats. In: Intelligence and Security Informatics (ISI), IEEE International Conference on, pp 184–184

79.

Shannon CE (2001) A mathematical theory of communication. ACM SIGMOBILE Mob Comput Commun Rev 5(1):3–55

80.

Münz G, Carle G (2007) Real-time analysis of flow data for network attack detection. In: Integrated Network Management, 2007. IM’07. 10th IFIP/IEEE International Symposium on, pp 100–108

81.

Vance A (2014) Flow based analysis of advanced persistent threats detecting targeted attacks in cloud computing. In: Info communications Science and Technology, 2014 1st International Scientific-Practical Conference Problems of, pp 173–176

82.

Krishnamurthy B, Sen S, Zhang Y, Chen Y (2003) Sketch-based change detection: methods, evaluation, and applications. In: Proceedings of the 3rd ACM SIGCOMM Conference on Internet Measurement, pp 234–247

83.

Aleroud A, Karabatis G (2014) Context infusion in semantic link networks to detect cyber-attacks: a flow-based detection approach. IEEE, pp 175–182

84.

Razzaq A, Latif K, Ahmad HF, Hur A, Anwar Z, Bloodsworth PC (2014) Semantic security against web application attacks. Inf Sci 254:19–38. doi:10.1016/j.ins.2013.08.007 CrossRef

85.

Razzaq A, Anwar Z, Ahmad HF, Latif K, Munir F (2014) Ontology for attack detection: an intelligent approach to web application security. Comput Secur 45:124–146. doi:10.1016/j.cose.05.005 CrossRef

86.

McGuinness DL, Van HF (2004) OWL web ontology language overview. W3C Recomm 10(10):101

87.

Meier M (2004) A model for the semantics of attack signatures in misuse detection systems. In: Information security. Lecture notes in computer science, vol 3225. Springer, New York, pp 158–169

88.

Guarino N, Welty CA (2009) An overview of OntoClean. In: Handbook on ontologies. Springer, New York, pp 201–220

89.

Razzaq A, Ahmed HF, Hur A, Haider N (2009) Ontology based application level intrusion detection system by using Bayesian filter. In: Computer Control and Communication, 2009. IC4 2nd International Conference on, pp 1–6

90.

Sangeetha S, Vaidehi V (2010) Fuzzy aided application layer semantic intrusion detection system—FASIDS. Int J Netw Secur Appl 2(2):39–56

91.

Farrell JA (2015). http://www.cs.man.ac.uk/~pjj/farrell/comp2.html#EBNF. Accessed 29 July 2015

92.

Kosko B (1986) Fuzzy cognitive maps. Int J Man Mach Stud 24(1):65–75CrossRefMATH

93.

Balduzzi M, Ciangaglini V, McArdle R (2013) Targeted attacks detection with spunge. In: 11th Annual International Conference on Privacy, Security and Trust (PST), 2013, pp 185–194

94.

Levenshtein VI (1966) Binary codes capable of correcting deletions, insertions, and reversals. Sov Phys Doklady 10:707–710MathSciNet

95.

Thakar U, Dagdee N (2010) Pattern analysis and signature extraction for intrusion attacks on web services. Int J Netw Secur Appl 2(3):190–205. doi:10.5121/ijnsa.2010.2313

96.

W3C: SOAP Version 1.2 Part 1: Messaging Framework (Second Edition). http://www.w3.org/TR/soap12/ . Accessed 22 July 2015

97.

Zarras A, Papadogiannakis A, Gawlik R, Holz T (2014) Automated generation of models for fast and precise detection of HTTP based malware. In: 12th Annual International Conference on. Privacy, Security and Trust (PST), pp 249–256

98.

Gamer T, Scholler M, Bless R (2006) A granularity-adaptive system for in-network attack detection. In: Proceedings of the IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation, pp 47–50

99.

Luo X, Chan EW, Chang RK (2006) Vanguard: a new detection scheme for a class of TCP-targeted denial-of-service attacks. In: Network Operations and Management Symposium, NOMS, 10th IEEE/IFIP, pp 507–518

100.

Ansarinia M, Asghari SA, Souzani A, Ghaznavi A (2012) Ontology-based modeling of DDoS attacks for attack plan detection. In: 2012 6th International Symposium on Telecommunications (IST), pp 993–998

101.

MITRE Corporation: CAPEC-Common Attack Pattern Enumeration and Classification (CAPEC). https://capec.mitre.org/. Accessed 22 Sept 2015

102.

MITRE Corporation: CVE-Common Vulnerabilities and Exposures (CVE). https://cve.mitre.org/. Accessed 22 Sept 2015

103.

MITRE Corporation: CWE-Common Weakness Enumeration. https://cwe.mitre.org/. Accessed 22 Sept 2015

104.

MITRE Corporation: Common Event Expression: CEE, A Standard Log Language for Event Interoperability in Electronic Systems. https://cee.mitre.org/. Accessed 29 July 2015

105.

Sikorski M, Honig A (2012) Practical malware analysis: the hands-on guide to dissecting malicious software. No Starch, San Francisco

106.

Egele M, Scholte T, Kirda E, Kruegel C (2012) A survey on automated dynamic malware-analysis techniques and tools. ACM Comput Surv (CSUR) 44(2):6CrossRef

107.

Idika N, Mathur AP (2007) A survey of malware detection techniques. Technical report 286, Department of Computer Science, Purdue University, USA

108.

Wagner M, Fischer F, Luh R, Haberson A, Rind A, Keim D, Aigner W, Borgo R, Ganovelli F, Viola I (2015) A Survey of Visualization Systems for Malware Analysis. In: EG Conference on Visualization (EuroVis)-STARs, pp 105–125

109.

Dornhackl H, Kadletz K, Luh R, Tavolato P (2014) Malicious behavior patterns. In: IEEE 8th International Symposium on Service Oriented System Engineering (SOSE), pp 384–389

110.

Kumar S, Spafford EH (1994) A pattern matching model for misuse intrusion detection. In: Proceedings of the 17\(^{{\rm th}}\) National computer Security Conference, pp 11–21

111.

Peyman K, Ali AG (2005) Research on intrusion detection and response: a survey. IJ Netw Secur 1(2):84–102

112.

Wagner D, Soto P (2002) Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp 255–264

113.

Landwehr CE, Bull AR, McDermott JP, Choi WS (1994) A taxonomy of computer program security flaws. ACM Comput Surv (CSUR) 26(3):211–254CrossRef

114.

Raskin V, Hempelmann CF, Triezenberg KE, Nirenburg S (2001) Ontology in information security: a useful theoretical foundation and methodological tool. In: Proceedings of the Workshop on New Security Paradigms, pp 53–59

115.

FernándezL M, Gómez-Pérez A, Juristo N (1997) Methontology: from ontological art towards ontological engineering. In: AAAI Symposium on Ontological Engineering, American Association for Artificial Intelligence

116.

Anagnostopoulos T, Anagnostopoulos C, Hadjiefthymiades S (2005) Enabling attack behavior prediction in ubiquitous environments. In: Pervasive Services, 2005. ICPS’05, Proceedings of International Conference on, pp 425–428

117.

Yan W, Hou E, Ansari N (2004) Extracting attack knowledge using principal-subordinate consequence tagging case grammar and alerts semantic networks. In: Local Computer Networks, 29th Annual IEEE International Conference on, pp 110–100

118.

International secure systems lab: anubis-malware analysis for unknown binaries. https://anubis.iseclab.org/. Accessed 29 July 2015

119.

Zimmer D, Unland R (1999) On the semantics of complex events in active database management systems. In: 1999, Proceedings of 15th International Conference on, Data Engineering, pp 392–399

120.

Debar H, Curry D, Feinstein B (2015) The Intrusion Detection Message Exchange Format (IDMEF). https://www.ietf.org/rfc/rfc4765.txt. Accessed 29 July 2015

121.

Totel E, Vivinis B, Mé L (2004) A language driven intrusion detection system for event and alert correlation. In: Proceedings at the 19th IFIP International Information Security Conference. Kluwer Academic, Toulouse, Springer, New York, pp 209–224

122.

Alienvault: OSSIM: The Open Source SIEM | AlienVault. https://www.alienvault.com/products/ossim. Accessed 29 July 2015

123.

Gorodetski V, Kotenko I, Karsaev O (2003) Multi-agent technologies for computer network security: attack simulation, intrusion detection and intrusion detection learning. Comput Syst Sci Eng 18(4):191–200

124.

Bhatt P, Yano ET, Gustavsson P (2014) Towards a framework to detect multi-stage advanced persistent threat sattacks. Proceeding of IEEE 8th international symposium on service oriented system engineering (SOSE). IEEE, pp 390–395

125.

Hutchins EM, Cloppert MJ, Amin RM (2011) Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead Issues Inf Warfare Secur Res 1:80

126.

Mathew S, Upadhyaya S, Sudit M, Stotz A (2010) Situation awareness of multistage cyber attacks by semantic event fusion. In: Military Communications Conference, 2010-MILCOM 2010. IEEE, pp 1286–1291

127.

Stotz A, Sudit M (2007) Information fusion engine for real-time decision-making (INFERD): a perceptual system for cyber attack tracking. In: Information Fusion, 2007 10th International Conference on, pp 1–8

128.

Mathew S, Giomundo R, Upadhyaya S, Sudit M, Stotz A (2006) Understanding multistage attacks by attack-track based visualization of heterogeneous event streams. In: Proceedings of the 3rd International Workshop on Visualization for Computer Security, pp 1–6

129.

GlobalSecurity.org: Open Source Information System (OSIS). http://www.globalsecurity.org/intell/systems/ osis.htm. Accessed 29 July 2015

130.

Atighetchi M, Griffith J, Emmons I, Mankins D, Guidorizzi R (2014) Federated access to cyber observables for detection of targeted attacks. In: Proceeding of IEEE on Military Communications Conference (MILCOM), IEEE. pp 60–66

131.

Sadighian A, Zargar ST, Fernandez JM, Lemay A (2013) Semantic-based context-aware alert fusion for distributed Intrusion Detection Systems. In International Conference on, Risks and Security of Internet and Systems (CRiSIS), pp 1–6

132.

Gabriel R, Hoppe T, Pastwa A, Sowa S (2009) Analyzing malware log data to support security information and event management: some research results. In: Proceeding of IEEE First International Conference on Advances in Databases, Knowledge, and Data Applications (DBKDA). IEEE, pp 108–113

133.

Langeder S (2014) Towards dynamic attack recognition for SIEM. Ph.D. thesis, St. Poelten University of Applied Sciences

134.

Strasburg C, Basu S, Wong JS (2013) S-MAIDS: a semantic model for automated tuning, correlation, and response selection in intrusion detection systems, In: Proceeding of IEEE 37th Annual Conference on Computer Softwareand Applications Conference (COMPSAC). IEEE, pp 319–328

Title: A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions
Authors: Saurabh Singh
Pradip Kumar Sharma
Seo Yeon Moon
Daesung Moon
Jong Hyuk Park
Publication date: 07-09-2016
Publisher: Springer US
Published in: The Journal of Supercomputing / Issue 8/2019
Print ISSN: 0920-8542
Electronic ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-016-1850-4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Other articles of this Issue 8/2019

Toward fault-tolerant hybrid programming over large-scale heterogeneous clusters via checkpointing/restart optimization

Multi-objective algorithms for the application mapping problem in heterogeneous multiprocessor embedded system design

Inapproximability results and suboptimal algorithms for minimum delay cache placement in campus networks with content-centric network routers

OpenCL-based design of an FPGA accelerator for quantum annealing simulation

Improving the performance of feature selection and data clustering with novel global search and elite-guided artificial bee colony algorithm

Parallel simulation model for heat and moisture transfer of clothed human body

Premium Partner