nach oben

Cluster Computing

Erschienen in:

20.12.2016

DFA-AD: a distributed framework architecture for the detection of advanced persistent threats

verfasst von: Pradip Kumar Sharma, Seo Yeon Moon, Daesung Moon, Jong Hyuk Park

Erschienen in: Cluster Computing | Ausgabe 1/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Advanced persistent threats (APTs) are target-oriented and advanced cyber-attacks which often leverage the bot control and customized malware techniques in order to control and remotely access valuable information. APTs generally use various attack techniques to gain access to the unauthorized system and then progressively spread throughout the network. The prime objectives of APT attacks are to steal intellectual property, legal documents, sensitive internal business and other data. If an attack is successfully launched on a system, the timely detection of attack is extremely important to stop APTs from further spreading and for mitigating its impact. On the other hand, internet of things (IoT) devices quickly become ubiquitous while IoT services become pervasive. Their prosperity has not gone unnoticed, and the number of attacks and threats against IoT devices and services are also increasing. Cyber-attacks are not new to IoT, but as the IoT will be deeply intertwined in our societies and lives, it becomes essential to take cyber defense seriously. In this paper, we propose a novel distributed framework architecture for the detection of APTs named as distributed framework architecture for APTs detection (DFA-AD), which is a promising basis for modern intrusion detection systems. In contrast to other approaches, the DFA-AD technique for detecting APT attack is based on multiple parallel classifiers, which classify the events in a distributed environment and event correlation among those events. Each classifier method is focused on detecting the APT’s attack technique independently. The evaluation results show that the proposed approach achieves greater effectiveness and accuracy.

Vorheriger Artikel A corpus-based approach to classifying emotions using Korean linguistic features

Nächster Artikel Priority queue based polling mechanism on seismic equipment cluster monitoring

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Iran confirms Stuxnet found at Bushehr nuclear power plant. http://warincontext.org/2010/09/26/iran-confirms-stuxnet-found-at-bushehr-nuclear-power-plant/. Accessed Aug 2016

Brewer, R.: Advanced persistent threats: minimising the damage. Netw. Secur. 4, 5–9 (2014)CrossRef

Kshetri, N.: The global cybercrime industry: economic, institutional and strategic perspectives. Springer, New York (2010)CrossRef

Fossi, M., et al.: Symantec internet security threat report trends for 2010. Semant. Enterproses Secur. 16, 1–20 (2011)

Tankard, C.: Advanced persistent threats and how to monitor and deter them. Netw. Secur. 8, 16–19 (2011)CrossRef

Kaspersky Lab ZAO. Red October diplomatic cyber attacks investigation. https://securelist.com/analysis/publications/36740/red-october-diplomatic-cyber-attacks-investigation/. Accessed Jul 2016

Mandiant, A.P.T.: Exposing one of China’s cyber espionage units. https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf. Accessed Aug 2016

Parmar, B.: Protecting against spear-phishing. Comput. Fraud Secur. 1, 8–11 (2012)CrossRef

Caputo, D.D., et al.: Going spear phishing: exploring embedded training and awareness. IEEE Secur. Priv. 12(1), 28–38 (2014)CrossRef

10.

Faisal, M., Ibrahim, M.: Stuxnet, duqu and beyond. Int. J. Sci. Eng. Investig. 1, 75–78 (2012)

11.

Bencsáth, B., et al.: The cousins of stuxnet: duqu, flame, and gauss. Future Internet. 4, 971–1003 (2012)CrossRef

12.

O’Gorman, G.; McDonald, G.: The Elderwood project. symantec whitepaper. http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf. Accessed Aug 2016

13.

Gragido, W.: Lions at the Watering Hole: The VOHO Affair. RSA blog. http://blogs.rsa.com/lions-at-the-watering-hole-the-voho-affair/ (2012). Accessed Aug 2016

14.

Internet explorer 8 exploit found in watering hole campaign targeting Chinese dissidents. https://www.fireeye.com/blog/threat-research/2013/03/internet-explorer-8-exploit-found-in-watering-hole-campaign-targeting-chinese-dissidents.html (2012). Accessed Aug 2016

15.

Operation Snowman: DeputyDog Actor Compromises US Veterans of Foreign Wars Website. https://www.fireeye.com/blog/threat-research/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html (2014). Accessed Aug 2016

16.

Kaspersky lab. https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf. (2015). Accessed Aug 2016

17.

Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A survey. ACM Comput. Surv. 41, 15–73 (2009)CrossRef

18.

Liu, S.T., Chen, Y.M., Lin, S.J.: A novel search engine to uncover potential victims for apt investigations. In: Proceeding of IFIP international conference on network and parallel computing. Springer, New York (2013)

19.

Thonnard, O. et al.: September. Industrial espionage and targeted attacks: understanding the characteristics of an escalating threat. In: Proceeding of international workshop on recent advances in intrusion detection. Springer, Berlin (2012)

20.

Lee, M., Lewis, D.: Clustering disparate attacks: mapping the activities of the advanced persistent threat. https://www.virusbulletin.com/uploads/pdf/conference_slides/2011/Lee-VB2011.pdf (2013). Accessed Jul 2016

21.

Balduzzi, M., Ciangaglini, V., McArdle, R.: Targeted attacks detection with spunge. In: Proceeding of 2013 eleventh annual international conference on privacy, security and trust (PST), IEEE (2013)

22.

Bencsáth, B., et al.: Duqu: analysis, detection, and lessons learned\(. \)In: Proceeding of ACM European workshop on system security (EuroSec) (2012)

23.

Wang, P., Wang, Y.S.: Malware behavioural detection and vaccine development by using a support vector model classifier. J. Comput. Syst. Sci. 81, 1012–1026 (2015)CrossRef

24.

Ki, Y., Kim, E., Kim, H.K.: A novel approach to detect malware based on API call sequence analysis. Int. J. Distrib. Sens. Netw. 2015, 1–9 (2015)

25.

Espejo, P.G., Ventura, S., Herrera, F.: A survey on the application of genetic programming to classification. IEEE Trans. Syst. Man Cybern. 40, 121–144 (2010)CrossRef

26.

Skopik, F., et al.: Semi-synthetic data set generation for security software evaluation. In: Privacy, security and trust (PST). IEEE twelfth annual international conference on 2014

27.

Dainotti, A., Pescapé, A., Ventre, G.: Nis04-1: Wavelet-based detection of dos attacks. In: Proceeding of global telecommunications conference, GLOBECOM ’06. IEEE (2006)

28.

Lakhina, A., Crovella, M., Diot, C.: Diagnosing network-wide traffic anomalies. In: Proceeding of ACM SIGCOMM computer communication review, ACM (2004)

29.

De Donato, W., Pescapé, A., Dainotti, A.: Traffic identification engine: an open platform for traffic classification. IEEE Netw. 28(2), 56–64 (2014)CrossRef

30.

Dainotti, A., Pescapé, A., Sansone, C.: Early classification of network traffic through multi-classification. In: Proceeding of international workshop on traffic monitoring and analysis. Springer, New York (2011)

31.

Folino, G., Pisani, F. S.: Combining ensemble of classifiers by using genetic programming for cyber security applications. In: Proceeding of European conference on the applications of evolutionary computation. Springer International Publishing, New York (2015)

32.

Dainotti, A., et al.: Analysis of a/0 stealth scan from a botnet. In: Proceedings of the 2012 ACM conference on internet measurement conference, ACM (2012)

33.

Mehresh, R., et al.: Tamper-resistant monitoring for securing multi-core environments.In : Proceeding of international conference on security and management (SAM) (2011)

34.

Tian, M., et al.: Using statistical analysis and support vector machine classification to detect complicated attacks. In: Proceeding of international conference on machine learning and cybernetics, IEEE (2004)

35.

Ingham, K. L., Inoue, H.: Comparing anomaly detection techniques for http. In: Proceeding of international workshop on recent advances in intrusion detection. Springer, Berlin (2007)

36.

Kruegel, C., Vigna, G.: Anomaly detection of web-based attacks. In: Proceedings of the 10th ACM conference on computer and communications security, ACM (2003)

37.

Singh, S., et al.: A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions. J. Supercomput. pp. 1–32 (2016)

38.

Hu, P., et al.: Dynamic defense strategy against advanced persistent threat with insiders. In: Proceeding of 2015 IEEE conference on computer communications (INFOCOM), IEEE, pp. 747–755 (2015)

39.

Mehresh, R., Shambhu, U.: Surviving advanced persistent threats in a distributed environment-architecture and analysis. Inform. Syst. Front. 17(5), 987–995 (2015)CrossRef

40.

Zulkefli, Z., Singh, M.M., Malim, N.H.A.H.: Advanced persistent threat mitigation using multi level security-access control framework. In: Proceeding of international conference on computational science and its applications, pp. 90–105. Springer International Publishing, New York (2015)

41.

Mohamed, A., Geir, M.K.: Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. J. Cyber Secur. 4, 65–88 (2015)CrossRef

42.

Sung, Y., et al.: FS-open security: a taxonomic modeling of security threats in SDN for future sustainable computing. Sustainability 8(9), 919–944 (2016)CrossRef

Titel: DFA-AD: a distributed framework architecture for the detection of advanced persistent threats
verfasst von: Pradip Kumar Sharma
Seo Yeon Moon
Daesung Moon
Jong Hyuk Park
Publikationsdatum: 20.12.2016
Verlag: Springer US
Erschienen in: Cluster Computing / Ausgabe 1/2017
Print ISSN: 1386-7857
Elektronische ISSN: 1573-7543
DOI: https://doi.org/10.1007/s10586-016-0716-0

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2017

Security analysis of a proposed internet of things middleware

Bi-level programming model for multi-modal regional bus timetable and vehicle dispatch with stochastic travel time

Multi-objective inverse scheduling optimization of single-machine shop system with uncertain due-dates and processing times

A novel dual authentication protocol (DAP) for multi-owners in cloud computing

An analysis work on correlation of internet addiction and school age groups

CBR-based network performance management with multi-agent approach

Premium Partner