Abstract
The Bring Your Own Device (BYOD) concept has become popular amongst organizations. However, due to the portability of devices and the information available through social networks, BYOD has become susceptible to information-stealing attacks such as Advanced Persistent Threat (APT) attacks. An APT attack uses tricky methods to gain access to the target's machine and mostly stands as a threat to political, corporate, academic and even military targets. Various mitigation techniques have been proposed to tackle this attack, but most of them rely on available information about the attacks and do not provide data protection. Hence, providing protection against APT attacks is challenging. In this paper, we investigate the available mitigation techniques and their problems in tackling APT attacks by looking at the root cause of the attack inside the BYOD environment. Lastly, based on the information obtained, we propose a new framework for reducing APT attacks.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Zulkefli, Z., Singh, M.M., Malim, N.H.A.H. (2015). Advanced Persistent Threat Mitigation Using Multi Level Security – Access Control Framework. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2015. ICCSA 2015. Lecture Notes in Computer Science, vol 9158. Springer, Cham. https://doi.org/10.1007/978-3-319-21410-8_7
DOI: https://doi.org/10.1007/978-3-319-21410-8_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-21409-2
Online ISBN: 978-3-319-21410-8
eBook Packages: Computer Science (R0)