APTHunter: Detecting Advanced Persistent Threats in Early Stages

被引:3
|
作者
Mahmoud, Moustafa [1 ]
Mannan, Mohammad [1 ]
Youssef, Amr [1 ]
机构
[1] Concordia Univ, Montreal, PQ, Canada
来源
关键词
Threat intelligence; APT; attack detection;
D O I
10.1145/3559768
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
We propose APTHunter, a system for prompt detection of Advanced and Persistent Threats (APTs) in early stages. We provide an approach for representing the indicators of compromise that appear in the cyber threat intelligence reports and the relationships among them as provenance queries that capture the attacker's malicious behavior. We use the kernel audit log as a reliable source for system activities and develop an optimized whole system provenance graph that provides the causal relationships and information flows among system entities in a compact format. Then, we model the threat hunting as a behavior match problem by applying provenance queries to the optimized provenance graph to find any hits as indicators of an APT attack. We evaluate APTHunter on adversarial engagements from DARPA over different OS platforms, as well as real-world APT campaigns. Based on our experimental results, APTHunter promptly and reliably detects attack artifacts in early stages.
引用
收藏
页数:31
相关论文
共 50 条
  • [1] A novel approach for detecting advanced persistent threats
    Al-Saraireh, Jaafer
    Masarweh, Ala'
    [J]. EGYPTIAN INFORMATICS JOURNAL, 2022, 23 (04) : 45 - 55
  • [2] Expert knowledge and data analysis for detecting advanced persistent threats
    Ramon Moya, Juan
    DeCastro-Garcia, Noemi
    Fernandez-Diaz, Ramon-Angel
    Lorenzana Tamargo, Jorge
    [J]. OPEN MATHEMATICS, 2017, 15 : 1108 - 1122
  • [3] A Cyber Kill Chain Approach for Detecting Advanced Persistent Threats
    Ahmed, Yussuf
    Asyhari, A. Taufiq
    Rahman, Md Arafatur
    [J]. CMC-COMPUTERS MATERIALS & CONTINUA, 2021, 67 (02): : 2497 - 2513
  • [4] The Use of Machine Learning Algorithms for Detecting Advanced Persistent Threats
    Eke, Hope Nkiruka
    Petrovski, Andrei
    Ahriz, Hatem
    [J]. PROCEEDINGS OF THE 12TH INTERNATIONAL CONFERENCE ON SECURITY OF INFORMATION AND NETWORKS (SIN'19), 2019,
  • [5] Detecting Advanced Persistent Threats Based on Entropy and Support Vector Machine
    Tan, Jiayu
    Wang, Jian
    [J]. ALGORITHMS AND ARCHITECTURES FOR PARALLEL PROCESSING, ICA3PP 2018, PT IV, 2018, 11337 : 153 - 165
  • [6] A Network Gene-Based Framework for Detecting Advanced Persistent Threats
    Wang, Yuan
    Wang, Yongjun
    Liu, Jing
    Huang, Zhijian
    [J]. 2014 NINTH INTERNATIONAL CONFERENCE ON P2P, PARALLEL, GRID, CLOUD AND INTERNET COMPUTING (3PGCIC), 2014, : 97 - 102
  • [7] Advanced Persistent Threats
    Ozzengin, Yavuz Selim
    Sakiz, Fatih
    Benzer, Recep
    [J]. 2016 24TH SIGNAL PROCESSING AND COMMUNICATION APPLICATION CONFERENCE (SIU), 2016, : 1845 - 1848
  • [8] A Study on Advanced Persistent Threats
    Chen, Ping
    Desmet, Lieven
    Huygens, Christophe
    [J]. COMMUNICATIONS AND MULTIMEDIA SECURITY, CMS 2014, 2014, 8735 : 63 - 72
  • [9] Detecting Advanced Persistent Threats using Fractal Dimension based Machine Learning Classification
    Siddiqui, Sana
    Khan, Muhammad Salman
    Ferens, Ken
    Kinsner, Witold
    [J]. IWSPA'16: PROCEEDINGS OF THE 2016 ACM INTERNATIONAL WORKSHOP ON SECURITY AND PRIVACY ANALYTICS, 2016, : 64 - 69
  • [10] Systems for Detecting Advanced Persistent Threats a Development Roadmap using Intelligent Data Analysis
    de Vries, Johannes
    Hoogstraaten, Hans
    van den Berg, Jan
    Daskapan, Semir
    [J]. 2012 ASE INTERNATIONAL CONFERENCE ON CYBER SECURITY (CYBERSECURITY), 2012, : 54 - 61