Title: A novel approach for predicting the spread of APT malware in the network
Authors: Xuan Cho Do, Hai Anh Tran, Thi Lan Phuong Nguyen
Journal: Applied Intelligence, vol. 54, no. 23, pp. 12293-12314
Publication date: 2024-09-11 (Journal Article)
DOI: 10.1007/s10489-024-05750-1
URL: https://link.springer.com/article/10.1007/s10489-024-05750-1
Indexing: Semantic Scholar; JCR Q2 (Computer Science, Artificial Intelligence); citation count: 0
A novel approach for predicting the spread of APT malware in the network

Abstract:
Advanced Persistent Threat (APT) attacks are among the most dangerous cyber-attack techniques in use today. Detecting and predicting the spread of APT malware in the network is therefore an urgent problem whose solution supports effective prevention of this attack. In this paper, we propose a new approach capable of predicting the spread of APT malware in the network based on the APT's own behaviors. Specifically, to predict the spread of APT malicious code in the system, we propose to use a combination of two single Susceptible-Infected-Recovered (SIR) models. The first SIR model is built to predict the spread of APT malicious code to the devices and computers within the organization. APT malicious code often uses these devices and computers as a foothold from which to escalate privileges to the devices or computers containing the organization's important and sensitive information. The second SIR model predicts the spread of APT malware to the group of computers that contain sensitive information or that pose a high risk to the organization if compromised. Together, the two SIR models provide information about infections between computer groups in the system and help predict the spread of APT malware in the system accurately. The combination of two SIR models proposed in this article is new and is based on the behavior of APT malware in practice. By combining two SIR models, this article opens up a new approach for a number of spread-prediction problems on the internet, such as malicious code in wireless sensor networks or malicious information on social networks.
Journal description:
With a focus on research in artificial intelligence and neural networks, this journal addresses issues involving solutions of real-life manufacturing, defense, management, government and industrial problems which are too complex to be solved through conventional approaches and require the simulation of intelligent thought processes, heuristics, applications of knowledge, and distributed and parallel processing. The integration of these multiple approaches in solving complex problems is of particular importance.
The journal presents new and original research and technological developments, addressing real and complex issues applicable to difficult problems. It provides a medium for exchanging scientific research and technological achievements accomplished by the international community.