Skip to main content
SpringerLink
Log in

An Ontology Based Approach for Data Leakage Prevention Against Advanced Persistent Threats

  • Conference paper
  • First Online:
Metadata and Semantic Research (MTSR 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1057))

Included in the following conference series:

  • 835 Accesses

Abstract

Advanced Persistent Threats (APTs) are increasingly being a risk for companies and institutions because of their distributed, complicated, multi-step and targeted behaviors. The amount of sensitive data in organizations are increasing and APTs threaten organizations by exfiltrating these data from the organization. The sensitive data not only include structured data such as credit card numbers but also unstructured data such as a private report created by the company. Although Data Leakage Prevention (DLP) systems are improving in terms of detecting the leakage of sensitive data, APTs’ sophisticated methods are still successful against DLP systems. The characteristics of APTs require a prevention system that can semantically and hierarchically correlate basic elements and actions in the system with behaviors of an APT across the organization. Among many effort to classify APT behavior, MITRE’s ATT&CK matrix for enterprise is widely accepted as an effective topology for the APT behavior. In this paper, an ontology based approach to achieve data leakage prevention against APTs is proposed. The proposed approach correlates low-level event details with APT techniques and tactics defined in MITRE’s ATT&CK matrix.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://attack.mitre.org/.

  2. 2.

    https://attack.mitre.org/groups/G0022.

  3. 3.

    https://easyhook.github.io/.

References

  1. More, S., Matthews, M., Joshi, A., Finin, T.: A knowledge-based approach to intrusion detection modeling. In: IEEE Symposium on Security and Privacy Workshops, pp. 75–81. IEEE, San Francisco (2012). https://doi.org/10.1109/SPW.2012.26

  2. Rashid, A., et al.: Detecting and Preventing Data Exfiltration. Lancaster University, Academic Centre of Excellence in Cyber Security Research, Security Lancaster Report (2013)

    Google Scholar 

  3. Kafka, F.: ESET’s guide to deobfuscating and devirtualizing FinFisher (2018). https://www.eset.com/me/whitepapers/wp-finfisher/. Accessed 30 June 2019

  4. Canfora, G., Medvet, E., Mercaldo, F., Visaggio, C.A.: Detecting android malware using sequences of system calls. In: Proceedings of the 3rd International Workshop on Software Development Lifecycle for Mobile, pp. 13–20. ACM, Bergamo (2015). https://doi.org/10.1145/2804345.2804349

  5. Ravi, C., Manoharan, R.: Malware detection using windows Api sequence and machine learning (0975–8887). Int. J. Comput. Appl. 43(17), 12–16 (2012)

    Google Scholar 

  6. Alneyadi, S., Sithirasenan, E., Muthukkumarasamy, V.: A survey on data leakage prevention systems. J. Network Comput. Appl. 62, 137–152 (2016)

    Article  Google Scholar 

  7. Shabtai, A., Rokach, L., Elovici, Y.: A Survey of Data Leakage Detection and Prevention Solutions, 1st edn. Springer-Verlag, New York (2012). https://doi.org/10.1007/978-1-4614-2053-8

    Book  Google Scholar 

  8. Choi, J., Choi, C., Lynn, H.M., Kim, P.: Ontology based APT attack behavior analysis in cloud computing. In: 10th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA), pp. 375–379. IEEE, Krakow (2015). https://doi.org/10.1109/BWCCA.2015.69

  9. Woo, S., On, J., Lee, M.: Behavior ontology: a framework to detect attack patterns for security. In: 27th International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 738–743. IEEE, Barcelona (2013). https://doi.org/10.1109/WAINA.2013.42

  10. Zhu, Y.: Attack pattern ontology: a common language for cyber security information sharing. Master Thesis, TUDelft - Delft University of Technology (2015)

    Google Scholar 

  11. Grègio, A., Bonacin, R., De Marchi, A.C., Nabuco, O.F., De Geus, P.L.: An ontology of suspicious software behavior. Appl. Ontology 11(1), 29–49 (2016)

    Article  Google Scholar 

  12. Jacob, G., Debar, H., Filiol, E.: Behavioral detection of malware: from a survey towards an established taxonomy. J. Comput. Virol. 4(3), 251–266 (2008)

    Article  Google Scholar 

  13. Väisänen, T., Trinberg, L., Pissanidis, N.: I accidentally malware - what should I do. is this dangerous? Overcoming inevitable risks of electronic communication. NATO Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia (2016)

    Google Scholar 

  14. Kott, A., Wang, C., Erbacher, R.F. (eds.): Cyber Defense and Situational Awareness. ADIS, vol. 62. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11391-3

    Book  Google Scholar 

  15. Singh, S., Sharma, P.K., Moon, S.Y., Moon, D., Park, J.H.: A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions. J. Supercomputing 75(8), 4543–4574 (2016)

    Article  Google Scholar 

  16. Milajerdi, S.M., Gjomemo, R., Eshete, B., Sekar, R., Venkatakrishnan, V.N.: HOLMES: real-time APT detection through correlation of suspicious information flows. In: The 40th IEEE Symposium on Security and Privacy, pp. 447–462. IEEE, San Fransisco (2019)

    Google Scholar 

  17. Blasco, J., Hernandez-Castro, J.C., Tapiador, J.E., Ribagorda, A.: Bypassing information leakage protection with trusted applications. Comput. Secur. 31(4), 557–568 (2012)

    Article  Google Scholar 

  18. Mustafa, T.: Malicious data leak prevention and purposeful evasion attacks: an approach to Advanced Persistent Threat (APT) management. In: Saudi International Electronics, Communications and Photonics Conference, pp. 1–5. IEEE, Fira (2013). https://doi.org/10.1109/SIECPC.2013.6551028

  19. Moon, D., Im, H., Kim, I., Park, J.H.: DTB-IDS: an intrusion detection system based on decision tree using behavior analysis for preventing APT attacks. J. Supercomputing 73(7), 2881–2895 (2017)

    Article  Google Scholar 

  20. Gupta, S., Sharma, H., Kaur, S.: Malware characterization using windows API call sequences. In: Carlet, C., Hasan, M.A., Saraswat, V. (eds.) SPACE 2016. LNCS, vol. 10076, pp. 271–280. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49445-6_15

    Chapter  Google Scholar 

  21. Drummond, N., et al.: Putting OWL in order: Patterns for sequences in OWL. In: 2nd OWL Experiences and Directions Workshop (OWLED), Athens, Georgia, USA (2006)

    Google Scholar 

  22. Canzanese, R., Mancoridis, S., Kam, M.: System call-based detection of malicious processes. In: International Conference on Software Quality, Reliability and Security, pp. 119–124. IEEE, Vancouver (2015). https://doi.org/10.1109/QRS.2015.26

Download references

Acknowledgment

This work was supported by TUBITAK, the Scientific and Technological Research Council of Turkey (Grant No. 117E100).

Author information

Authors and Affiliations

  1. Faculty of Computer and Information Sciences, Sakarya University, Sakarya, Turkey

    Emrah Kaya & İbrahim Özçelik

  2. Department of Computer Engineering, Ege University, Bornova-Izmir, Turkey

    Özgü Can

Authors
  1. Emrah Kaya
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. İbrahim Özçelik
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Özgü Can
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Emrah Kaya .

Editor information

Editors and Affiliations

  1. International Hellenic University, Thessaloniki, Greece

    Emmanouel Garoufallou

  2. Guglielmo Marconi University, Rome, Italy

    Francesca Fallucchi

  3. Georg Eckert Institute – Leibniz Institute for International Textbook Research, Braunschweig, Germany

    Ernesto William De Luca

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kaya, E., Özçelik, İ., Can, Ö. (2019). An Ontology Based Approach for Data Leakage Prevention Against Advanced Persistent Threats. In: Garoufallou, E., Fallucchi, F., William De Luca, E. (eds) Metadata and Semantic Research. MTSR 2019. Communications in Computer and Information Science, vol 1057. Springer, Cham. https://doi.org/10.1007/978-3-030-36599-8_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-36599-8_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-36598-1

  • Online ISBN: 978-3-030-36599-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation