[논문]Combating advanced persistent threats: From network event correlation to incident detection

Friedberg, I.; Skopik, F.; Settanni, G.; Fiedler, R.

doi:10.1016/j.cose.2014.09.006

Combating advanced persistent threats: From network event correlation to incident detection

Computers & security, v.48, 2015년, pp.35 - 57

Friedberg, I. , Skopik, F. , Settanni, G. , Fiedler, R.

Abstract ▼ AI-Helper

An advanced persistent threat (also known as APT) is a deliberately slow-moving cyberattack that is applied to quietly compromise interconnected information systems without revealing itself. APTs often use a variety of attack methods to get unauthorized system access initially and then gradually spread throughout the network. In contrast to traditional attacks, they are not used to interrupt services but primarily to steal intellectual property, sensitive internal business and legal documents and other data. If an attack on a system is successful, timely detection is of paramount importance to mitigate its impact and prohibit APTs from further spreading. However, recent security incidents, such as Operation Shady Rat, Operation Red October or the discovery of MiniDuke - just to name a few - have impressively demonstrated that current security mechanisms are mostly insufficient to prohibit targeted and customized attacks. This paper therefore proposes a novel anomaly detection approach which is a promising basis for modern intrusion detection systems. In contrast to other common approaches, which apply a kind of black-list approach and consider only actions and behaviour that match to well-known attack patterns and signatures of malware traces, our system works with a white-list approach. Our anomaly detection technique keeps track of system events, their dependencies and occurrences, and thus learns the normal system behaviour over time and reports all actions that differ from the created system model. In this work, we describe this system in theory and show evaluation results from a pilot study under real-world conditions.

주제어

참고문헌 (35)

Alperovitch 2011 Revealed: operation shady RAT
Axelsson 2000 Intrusion detection systems: A survey and taxonomy
Comput Fraud Secur Barber 2001 2 14 2001 10.1016/S1361-3723(01)02017-6 Hackers profiled who are they and what are their motivations?

상세보기
Barto？ 118 2012 Dependable networks and services Network anomaly detection: comparison and real-time issues
Netw Secur Brewer 2014 4 5 2014 10.1016/S1353-4858(14)70040-6 Advanced persistent threats: minimising the damage

상세보기
Comput Fraud Secur Caldwell 2013 1 11 2013 10.1016/S1361-3723(13)70007-1 Spear-phishing: how to spot and mitigate the menace

상세보기
ACM Comput Surv (CSUR) Chandola 41 3 15 2009 10.1145/1541880.1541882 Anomaly detection: a survey

상세보기
Softw Eng IEEE Trans Denning 2 222 1987 10.1109/TSE.1987.232894 An intrusion-detection model

상세보기
Comput Secur Garca-Teodoro 28 12 18 2009 10.1016/j.cose.2008.08.003 Anomaly-based network intrusion detection: techniques, systems and challenges

상세보기
Commun ACM Ives 47 4 75 2004 10.1145/975817.975820 The domino effect of password reuse

상세보기
Expert Syst Appl Kim 41 4, Part 2 1690 2014 10.1016/j.eswa.2013.08.066 A novel hybrid intrusion detection method integrating anomaly detection with misuse detection

상세보기
Comput Secur Kjaerland 25 7 522 2006 10.1016/j.cose.2006.08.004 A taxonomy and comparison of computer security incidents from the commercial and government sectors

상세보기
Technol Forecast Soc Change Kraemer-Mbula 80 3 541 2013 10.1016/j.techfore.2012.07.002 The cybercrime ecosystem: online innovation in the shadows?

상세보기
Lee 120 1999 Security and Privacy, 1999. Proceedings of the 1999 IEEE Symposium on A data mining framework for building intrusion detection models
Li 343 2012 Advances in Artificial Intelligence Anomaly detection via coupled gaussian kernels
McAfee Labs and McAfee Foundstone Professional Services 2010 Protecting your critical assets
ACM Comput Surv Mitchell 46 4 2014 10.1145/2542049 A survey of intrusion detection techniques for cyber-physical systems

상세보기
Comput Fraud Secur O'Neill 2014 1 16 2014 10.1016/S1361-3723(14)70008-9 The internet of things: do more devices mean more risks?

상세보기
Comput Netw Patcha 51 12 3448 2007 10.1016/j.comnet.2007.02.001 An overview of anomaly detection techniques: existing solutions and latest technological trends

상세보기
Sabahi 23 2008 Systems and Networks Communications, 2008. ICSNC'08. 3rd International Conference on Intrusion detection: a survey
Skopik 2013 43 Jahrestagung der Gesellschaft fr Informatik eV (GI) (INFORMATIK 2013) Intrusion detection in distributed systems using finger-printing and massive event correlation
Skopik 2014 5th IEEE Innovative Smart Grid Technologies Conference Dealing with advanced persistent threats in smart grid ict networks
Skopik 2014 12th Annual Conference on Privacy, Security and Trust Semi-synthetic data set generation for security software evaluation
Sommer 305 2010 Security and Privacy (SP), 2010 IEEE Symposium on Outside the closed world: on using machine learning for network intrusion detection
Int J Crit Infrastructure Prot Sood 6 1 28 2013 10.1016/j.ijcip.2013.01.002 Crimeware-as-a-servicea survey of commoditized crimeware in the underground market

상세보기
Comput Fraud Secur Steer 2014 1 17 2014 10.1016/S1361-3723(14)70009-0 The gaping hole in our security defences

상세보기
Netw Secur Tankard 2011 8 16 2011 10.1016/S1353-4858(11)70086-1 Advanced persistent threats and how to monitor and deter them

상세보기
Netw Secur Thomson 2011 11 9 2011 10.1016/S1353-4858(11)70118-0 Apts: a poorly understood challenge

상세보기
Signal Process IEEE Trans Thottan 51 8 2191 2003 10.1109/TSP.2003.814797 Anomaly detection in ip networks

상세보기
Comput Secur von Solms 38 0 97 2013 10.1016/j.cose.2013.04.004 From information security to cyber security

상세보기
Yin volume 2 1298 2004 Multi-events analysis for anomaly intrusion detection
J Comput Sci Coll Yu 28 1 9 2012 A survey of anomaly intrusion detection techniques
Zhang 1 2009 Computer Network and Multimedia Technology, 2009. CNMT 2009. International Symposium on A survey of anomaly detection methods in networks
Zhang vol. 1 231 2009 A network anomaly detection method based on relative entropy theory
Zhao 113 2010 Communications and Intelligence Information Security (ICCIIS), 2010 International Conference on Bayesian statistical inference in machine learning anomaly detection

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 논문명, 저널/프로시딩명, 저자 , 발행년, 권, 호, 시작페이지, 끝페이지, 발행기관 관리번호, 논문명, 대등논문명, 저자 , 저널/프로시딩명, 발행기관, 발행년, 발행언어, 권, 호, 시작페이지, 끝페이지, ISBN, ISSN, 주제분야, 키워드, 초록(한글), 초록(영문), 저자(소속기관)
저장형식	Text(ASCII format) Excel format RefWorks Direct Export RIS format (for Reference Manager, ProCite, EndNote), Scholar's Aids, Mendeley
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Combating advanced persistent threats: From network event correlation to incident detection

Abstract ▼ AI-Helper

주제어

참고문헌 (35)

이 논문을 인용한 문헌

관련 콘텐츠

원문 URL 링크

이 논문과 함께 이용한 콘텐츠

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트