
A Novel Method for Detecting APT Attacks by Using OODA Loop and Black Swan Theory

Conference paper. In: Computational Data and Social Networks (CSoNet 2018). Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 11280).

Abstract

Advanced Persistent Threat (APT) attacks are a major concern for modern societal digital infrastructures because of their highly sophisticated nature. The purpose of these attacks ranges from long-term espionage in high-level environments to causing maximal destruction in the targeted cyber environment. Attackers are skilful and, in many cases, well funded by governments. Because of these sophisticated methods, it is highly important to study proper countermeasures that detect these attacks as early as possible. Current detection methods under-perform, leading to situations where an attack can continue for months or even years in a targeted environment. We propose a novel method for analysing APT attacks through the OODA loop and Black Swan theory by defining them as multi-vector, multi-stage attacks with a continuous, strategic, ongoing campaign. Additionally, it is important to note that, in order to develop better-performing detection methods, we have to find the most common factor within these attacks. We can state that the most common factor of APT attacks is communication; thus the environment has to be developed in a way that allows us to capture the complete network flow and analyse it.



Correspondence to Tero Bodström.


Copyright information

© 2018 Springer Nature Switzerland AG


Cite this paper

Bodström, T., Hämäläinen, T. (2018). A Novel Method for Detecting APT Attacks by Using OODA Loop and Black Swan Theory. In: Chen, X., Sen, A., Li, W., Thai, M. (eds) Computational Data and Social Networks. CSoNet 2018. Lecture Notes in Computer Science, vol. 11280. Springer, Cham. https://doi.org/10.1007/978-3-030-04648-4_42


  • DOI: https://doi.org/10.1007/978-3-030-04648-4_42


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-04647-7

  • Online ISBN: 978-3-030-04648-4
