Correlate the Advanced Persistent Threat Alerts and Logs for Cyber Situation Comprehension

The paper documents, based mainly on [3]-[6] published papers where a consistent mathematical description of cyberspace and various types of Cyber-Attacks and protection measures are presented, a holistic mathematical approach to a rigorous description of Advanced Persistent Threat (APT) actors’ modus operandi through various scenarios and Cyber Kill Chain stages [2]. After referring [6] to the various elements of Cyber-Attacks we propose some techniques (via 5 scenarios) of tracking the modus operandi of the most sophisticated and non-linear cyber actors, the Advanced Persistent Threat actors that are usually nation-state or nation-state backed and usually stay undetected for an extended time in later stages of Cyber Kill Chain in defenders’ networks. Keywords: Valuation of cyber assets, vulnerability of cyber assets, node supervision, sophistication of an attack germ of cyber-attack, cyber defense, proactive cyber protection, Advanced Persistent Threat (APT) actors, Indication of Compromise (IOC), Tactics, Techniques and Procedures (TTPs).

Download Full-text

Towards proactive detection of advanced persistent threat (APT) attacks using honeypots

Proceedings of the 8th International Conference on Security of Information and Networks - SIN '15 ◽

10.1145/2799979.2800042 ◽

2015 ◽

Cited By ~ 7

Author(s):

Zainab Saud ◽

M. Hasan Islam

Keyword(s):

Advanced Persistent Threat

Download Full-text

MODELING, ANALYSIS AND COUNTERING SCENARIOS OF PREPARING COMPUTER ATTACKS REALIZED BY THE GROUP APT3 IN DISTRIBUTED COMPUTER SYSTEMS

ИНФОРМАЦИЯ И БЕЗОПАСНОСТЬ ◽

10.36622/vstu.2021.24.1.004 ◽

2021 ◽

pp. 35-46

Author(s):

Алексей Леонидович Сердечный ◽

Александр Владимирович Айдаркин ◽

Михаил Андреевич Тарелкин ◽

Анна Евгеньевна Дешина

Keyword(s):

Petri Nets ◽

Computer Systems ◽

Protection System ◽

Protection Measures ◽

Advanced Persistent Threat ◽

Modeling Methods ◽

Modeling Analysis ◽

Protected Object ◽

Computer Attacks ◽

Distributed Computer Systems

В работе представлены результаты моделирования способов реализации долговременных целенаправленных атак на корпоративные распределённые компьютерные системы со стороны одной из опасных киберпреступных группировкок - Advanced Persistent Threat 3 (APT3). Осуществлено моделирование способов, реализуемых APT3. Построение моделей осуществлялось с использованием аппарата сетей Петри на основании сведений о технических приёмах, содержащихся в базе данных MITRE ATT&CK. Разработанные модели взаимосвязаны по условиям и последствиям реализации основных технических приёмов, актуальных для корпоративных распределённых компьютерных сетей. Реализованный подход также позволяет моделировать меры защиты, регламентируемые нормативными и методическим документами, что даст возможность принятия обоснованных решений при построении системы защиты с учётом специфики защищаемого объекта. The paper presents the results of modeling methods for implementing APT-attacks on corporate distributed computer systems by one of the most dangerous cybercrime groups - Advanced Persistent Threat 3 (APT3). The methods implemented by APT3 are modeled. The models were constructed using the Petri nets apparatus based on the information about technical techniques contained in the MITRE ATT&CK database. The developed models are interrelated in terms of the conditions and consequences of the implementation of the main technical techniques relevant for corporate distributed computer networks. The implemented approach also allows to model the protection measures from regulatory and methodological documents, which will make it possible to make informed decisions when building a protection system, taking into account the specifics of the protected object.

Download Full-text

MODELING, ANALYSIS AND COUNTERING SCENARIOS OF PREPARING COMPUTER ATTACKS REALIZED BY THE GROUP APT29 IN DISTRIBUTED COMPUTER SYSTEMS

ИНФОРМАЦИЯ И БЕЗОПАСНОСТЬ ◽

10.36622/vstu.2021.24.1.008 ◽

2021 ◽

pp. 83-92

Author(s):

Алексей Леонидович Сердечный ◽

Павел Сергеевич Краюшкин ◽

Михаил Андреевич Тарелкин ◽

Юрий Константинович Язов

Keyword(s):

Petri Nets ◽

Computer Systems ◽

Network Models ◽

Protection Measures ◽

Markov Network ◽

Advanced Persistent Threat ◽

Modeling Analysis ◽

Computer Attacks ◽

The Relationship ◽

Distributed Computer Systems

Статья посвящена моделированию компьютерных атак на распределённые корпоративные компьютерные системы, на примере действий группировки Advanced Persistent Threat 29 (APT29). В статье предлагается подход моделирования способов, реализуемых указанной группировкой, а также мер защиты от них. Подход основан на использовании аппарата сетей Петри, а также сведений о технических приёмах, предоставляемых в рамках проекта MITRE ATT&CK. Разработанные модели учитывают связи по условиям и последствиям действий, совершаемых группировкой APT29 в ходе атак на распределённые корпоративные системы. Также в статье продемонстрирована возможность наращивания модели за счёт включения в неё моделей мер защиты от рассмотренных способов реализации компьютерных атак. Предлагаемые модели могут быть дополнены за счёт моделирования новых способов реализации компьютерных атак, используемых другими кибергруппировками. Кроме того, модели могут быть расширены до моделей сети Петри-Маркова путём реализации частным методик расчёта вероятностно-временных характеристик для фрагментов предлагаемых моделей. The article is devoted to modeling computer attacks on distributed corporate computer systems, using the example of the actions of the Advanced Persistent Threat 29 (APT29) group. The article proposes an approach to modeling the methods implemented by this grouping, as well as measures to protect against them. The approach is based on Petri nets and information about the techniques (MITRE ATT&CK project). The developed models take into account the relationship between the conditions and consequences of actions committed by the APT29 group during attacks on distributed enterprise systems. The article also demonstrates the possibility of increasing the model by including models of protection measures against the considered methods of implementing computer attacks. The proposed models can be supplemented by modeling new ways of implementing computer attacks used by other cyber groups. In addition, the models can be extended to Petri-Markov network models by implementing special methods for calculating probabilistic-time characteristics for fragments of the proposed models.

Download Full-text

Advanced Persistent Threat Detection: A Survey

2021 3rd International Cyber Resilience Conference (CRC) ◽

10.1109/crc50527.2021.9392626 ◽

2021 ◽

Author(s):

Adam Khalid ◽

Anazida Zainal ◽

Mohd Aizaini Maarof ◽

Fuad A. Ghaleb

Keyword(s):

Threat Detection ◽

Advanced Persistent Threat

Download Full-text

Improved Methodology to Detect Advanced Persistent Threat Attacks

Quantum Cryptography and the Future of Cyber Security - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2253-0.ch009 ◽

2020 ◽

pp. 184-202

Author(s):

Ambika N.

Keyword(s):

Intellectual Property ◽

Public Key Cryptography ◽

Public Key ◽

Sleep Mode ◽

Data Reliability ◽

Advanced Persistent Threat ◽

Hash Code ◽

Long Time

Cybersecurity is essentials in today's era. An increase in cyberattacks has driven caution to safeguard data. An advanced persistent attack is an attack where the intellectual property of an organization is attempted to be misused. The attacker stays on the network for a long-time intruding into confidential files. The attacker switches into sleep mode, masking himself. Hence, the attacker is quite difficult to trace. The proposed work is suggested to tackle the problem. Public key cryptography is used to encrypt the data. The hash code is affixed to the transmitted message to provide reliability to the transmitted data. The work proves to be 4.9% stronger in authenticating the received packets, provides 4.42% greater data reliability, and decreases the load of the server by 43.5% compared to work.

Download Full-text