Abstract
Advanced Persistent Threat (APT) attacks principally steal data once the attacker has gained unauthorized access to network resources. In this paper, we propose a detection and defense technique based on the SecMonet framework to counter this sophisticated attack. SecMonet is a security framework that can gather events and flows, normalize them, build a valuable dataset, train a neural-network-based classifier, and detect and defend against APT attacks. In this regard, SecMonet considers log data from logging servers or firewalls. In addition, the classifier also applies a ranking criterion to the detected suspicious activities in order to identify APT attacks. The proposed method has been evaluated in a locally simulated network and in a real network scenario. The results show that the proposed technique detects APT attacks to a significant degree.
Copyright information
© 2019 Springer Nature Switzerland AG
Cite this paper
Salem, M., Mohammed, M. (2019). Feasibility Approach Based on SecMonet Framework to Protect Networks from Advanced Persistent Threat Attacks. In: Barolli, L., Xhafa, F., Khan, Z., Odhabi, H. (eds) Advances in Internet, Data and Web Technologies. EIDWT 2019. Lecture Notes on Data Engineering and Communications Technologies, vol 29. Springer, Cham. https://doi.org/10.1007/978-3-030-12839-5_30
DOI: https://doi.org/10.1007/978-3-030-12839-5_30
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12838-8
Online ISBN: 978-3-030-12839-5
eBook Packages: Intelligent Technologies and Robotics (R0)