Abstract
Advanced Persistent Threats (APTs) are increasingly being a risk for companies and institutions because of their distributed, complicated, multi-step and targeted behaviors. The amount of sensitive data in organizations are increasing and APTs threaten organizations by exfiltrating these data from the organization. The sensitive data not only include structured data such as credit card numbers but also unstructured data such as a private report created by the company. Although Data Leakage Prevention (DLP) systems are improving in terms of detecting the leakage of sensitive data, APTs’ sophisticated methods are still successful against DLP systems. The characteristics of APTs require a prevention system that can semantically and hierarchically correlate basic elements and actions in the system with behaviors of an APT across the organization. Among many effort to classify APT behavior, MITRE’s ATT&CK matrix for enterprise is widely accepted as an effective topology for the APT behavior. In this paper, an ontology based approach to achieve data leakage prevention against APTs is proposed. The proposed approach correlates low-level event details with APT techniques and tactics defined in MITRE’s ATT&CK matrix.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
More, S., Matthews, M., Joshi, A., Finin, T.: A knowledge-based approach to intrusion detection modeling. In: IEEE Symposium on Security and Privacy Workshops, pp. 75–81. IEEE, San Francisco (2012). https://doi.org/10.1109/SPW.2012.26
Rashid, A., et al.: Detecting and Preventing Data Exfiltration. Lancaster University, Academic Centre of Excellence in Cyber Security Research, Security Lancaster Report (2013)
Kafka, F.: ESET’s guide to deobfuscating and devirtualizing FinFisher (2018). https://www.eset.com/me/whitepapers/wp-finfisher/. Accessed 30 June 2019
Canfora, G., Medvet, E., Mercaldo, F., Visaggio, C.A.: Detecting android malware using sequences of system calls. In: Proceedings of the 3rd International Workshop on Software Development Lifecycle for Mobile, pp. 13–20. ACM, Bergamo (2015). https://doi.org/10.1145/2804345.2804349
Ravi, C., Manoharan, R.: Malware detection using windows Api sequence and machine learning (0975–8887). Int. J. Comput. Appl. 43(17), 12–16 (2012)
Alneyadi, S., Sithirasenan, E., Muthukkumarasamy, V.: A survey on data leakage prevention systems. J. Network Comput. Appl. 62, 137–152 (2016)
Shabtai, A., Rokach, L., Elovici, Y.: A Survey of Data Leakage Detection and Prevention Solutions, 1st edn. Springer-Verlag, New York (2012). https://doi.org/10.1007/978-1-4614-2053-8
Choi, J., Choi, C., Lynn, H.M., Kim, P.: Ontology based APT attack behavior analysis in cloud computing. In: 10th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA), pp. 375–379. IEEE, Krakow (2015). https://doi.org/10.1109/BWCCA.2015.69
Woo, S., On, J., Lee, M.: Behavior ontology: a framework to detect attack patterns for security. In: 27th International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 738–743. IEEE, Barcelona (2013). https://doi.org/10.1109/WAINA.2013.42
Zhu, Y.: Attack pattern ontology: a common language for cyber security information sharing. Master Thesis, TUDelft - Delft University of Technology (2015)
Grègio, A., Bonacin, R., De Marchi, A.C., Nabuco, O.F., De Geus, P.L.: An ontology of suspicious software behavior. Appl. Ontology 11(1), 29–49 (2016)
Jacob, G., Debar, H., Filiol, E.: Behavioral detection of malware: from a survey towards an established taxonomy. J. Comput. Virol. 4(3), 251–266 (2008)
Väisänen, T., Trinberg, L., Pissanidis, N.: I accidentally malware - what should I do. is this dangerous? Overcoming inevitable risks of electronic communication. NATO Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia (2016)
Kott, A., Wang, C., Erbacher, R.F. (eds.): Cyber Defense and Situational Awareness. ADIS, vol. 62. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11391-3
Singh, S., Sharma, P.K., Moon, S.Y., Moon, D., Park, J.H.: A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions. J. Supercomputing 75(8), 4543–4574 (2016)
Milajerdi, S.M., Gjomemo, R., Eshete, B., Sekar, R., Venkatakrishnan, V.N.: HOLMES: real-time APT detection through correlation of suspicious information flows. In: The 40th IEEE Symposium on Security and Privacy, pp. 447–462. IEEE, San Fransisco (2019)
Blasco, J., Hernandez-Castro, J.C., Tapiador, J.E., Ribagorda, A.: Bypassing information leakage protection with trusted applications. Comput. Secur. 31(4), 557–568 (2012)
Mustafa, T.: Malicious data leak prevention and purposeful evasion attacks: an approach to Advanced Persistent Threat (APT) management. In: Saudi International Electronics, Communications and Photonics Conference, pp. 1–5. IEEE, Fira (2013). https://doi.org/10.1109/SIECPC.2013.6551028
Moon, D., Im, H., Kim, I., Park, J.H.: DTB-IDS: an intrusion detection system based on decision tree using behavior analysis for preventing APT attacks. J. Supercomputing 73(7), 2881–2895 (2017)
Gupta, S., Sharma, H., Kaur, S.: Malware characterization using windows API call sequences. In: Carlet, C., Hasan, M.A., Saraswat, V. (eds.) SPACE 2016. LNCS, vol. 10076, pp. 271–280. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49445-6_15
Drummond, N., et al.: Putting OWL in order: Patterns for sequences in OWL. In: 2nd OWL Experiences and Directions Workshop (OWLED), Athens, Georgia, USA (2006)
Canzanese, R., Mancoridis, S., Kam, M.: System call-based detection of malicious processes. In: International Conference on Software Quality, Reliability and Security, pp. 119–124. IEEE, Vancouver (2015). https://doi.org/10.1109/QRS.2015.26
Acknowledgment
This work was supported by TUBITAK, the Scientific and Technological Research Council of Turkey (Grant No. 117E100).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Kaya, E., Özçelik, İ., Can, Ö. (2019). An Ontology Based Approach for Data Leakage Prevention Against Advanced Persistent Threats. In: Garoufallou, E., Fallucchi, F., William De Luca, E. (eds) Metadata and Semantic Research. MTSR 2019. Communications in Computer and Information Science, vol 1057. Springer, Cham. https://doi.org/10.1007/978-3-030-36599-8_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-36599-8_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-36598-1
Online ISBN: 978-3-030-36599-8
eBook Packages: Computer ScienceComputer Science (R0)