Natasha Arjumand Shoaib Mirza, Haider Abbas, F. A. Khan, J. Al-Muhtadi
{"title":"Anticipating Advanced Persistent Threat (APT) countermeasures using collaborative security mechanisms","authors":"Natasha Arjumand Shoaib Mirza, Haider Abbas, F. A. Khan, J. Al-Muhtadi","doi":"10.1109/ISBAST.2014.7013108","DOIUrl":null,"url":null,"abstract":"Information and communication security has gained significant importance due to its wide spread use, increased sophistication and complexity in its deployment. On the other hand, more sophisticated and stealthy techniques are being practiced by the intruder's group to penetrate and exploit the technology and attack detection. One such treacherous threat to all critical assets of an organization is Advanced Persistent Threat (APT). Since APT attack vector is not previously known, consequently this can harm the organization's assets before the patch for this security flaw is released/available. This paper presents a preliminary research effort to counter the APT or zero day attacks at an early stage by detecting malwares. Open Source version of Security Information and Event Management (SIEM) is used to detect denial of service attack launched through remote desktop service. The framework presented in this paper also shows the efficiency of the technique and it can be enhanced with more sophisticated mechanisms for APT attack detection.","PeriodicalId":292333,"journal":{"name":"2014 International Symposium on Biometrics and Security Technologies (ISBAST)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 International Symposium on Biometrics and Security Technologies (ISBAST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISBAST.2014.7013108","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 23
Abstract
Information and communication security has gained significant importance due to its wide spread use, increased sophistication and complexity in its deployment. On the other hand, more sophisticated and stealthy techniques are being practiced by the intruder's group to penetrate and exploit the technology and attack detection. One such treacherous threat to all critical assets of an organization is Advanced Persistent Threat (APT). Since APT attack vector is not previously known, consequently this can harm the organization's assets before the patch for this security flaw is released/available. This paper presents a preliminary research effort to counter the APT or zero day attacks at an early stage by detecting malwares. Open Source version of Security Information and Event Management (SIEM) is used to detect denial of service attack launched through remote desktop service. The framework presented in this paper also shows the efficiency of the technique and it can be enhanced with more sophisticated mechanisms for APT attack detection.
信息和通信安全由于其广泛的使用,其部署的复杂性和复杂性日益增加而变得非常重要。另一方面,入侵者组织正在使用更复杂和隐蔽的技术来渗透和利用技术和攻击检测。高级持续威胁(APT)是对组织所有关键资产的一种危险威胁。由于以前不知道APT攻击向量,因此在此安全漏洞的补丁发布/可用之前,这可能会损害组织的资产。本文介绍了通过检测恶意软件在早期阶段对抗APT或零日攻击的初步研究工作。SIEM (Security Information and Event Management)是开源版本,用于检测通过远程桌面服务发起的拒绝服务攻击。本文提出的框架也显示了该技术的效率,并且可以通过更复杂的APT攻击检测机制来增强它。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
