Advanced Persistent Threat Mitigation Using Multi Level Security – Access Control Framework

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 9158)

Abstract

The Bring Your Own Device (BYOD) concept has become popular amongst organizations. However, due to its portability and the information available through social networks, BYOD has become susceptible to information-stealing attacks such as Advanced Persistent Threat (APT) attacks. APT attacks use tricky methods to gain access to the target’s machine and mostly stand as a threat to political, corporate, academic and even military organizations. Various mitigation techniques have been proposed to tackle this attack, but most of them rely on available information about the attacks and do not provide data protection. Hence, providing protection against APT attacks is challenging. In this paper, we investigate the available mitigation techniques and their problems in tackling APT attacks by looking at the root cause of the attack inside the BYOD environment. Lastly, based on the information obtained, we propose a new framework for reducing APT attacks.

Author information

Correspondence to Manmeet Mahinderjit Singh.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Zulkefli, Z., Singh, M.M., Malim, N.H.A.H. (2015). Advanced Persistent Threat Mitigation Using Multi Level Security – Access Control Framework. In: Gervasi, O., et al. Computational Science and Its Applications -- ICCSA 2015. ICCSA 2015. Lecture Notes in Computer Science, vol 9158. Springer, Cham. https://doi.org/10.1007/978-3-319-21410-8_7

  • DOI: https://doi.org/10.1007/978-3-319-21410-8_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-21409-2

  • Online ISBN: 978-3-319-21410-8

  • eBook Packages: Computer Science, Computer Science (R0)
