A Detailed Study on Advanced Persistent Threats: A Sophisticated Threat
Author : A. Sarkunavathi and V. SrinivasanVolume 7 No.1 Special Issue:November 2018 pp 90-95
Abstract
In the present world computer networks are used to store sensitive information and to provide services for organizations and society. The growth of internet and the increased use of computers in society along with smart devices lead to the increase in cyber crimes and persistent attacks. The most complex and advanced attacks are targeted attacks which are specifically aimed at companies or governments to accomplish the predetermined goals such as economic advantages, strategic benefits, getting control of sensitive information. Hackers try to access sensitive data from cyber space and there by become as advanced malware developers for the security systems. One type of such attack is Advanced Persistent Threats (APT) which targets the governmental institutions, military, multinational enterprises, financial industry, manufacturing and banks. The approach that is followed by the attackers are repeated attempts using different methods such as , stealth approach, adapting to the existing defense mechanisms, stealthily infiltrating the network to avoid any suspicions like involving in sleep modes before commencing any attack. The effects of these attacks are ex-filtration of key intelligence property, stoppage of fundamental services, and destruction of critical infrastructure. This paper is about the detailed study of Advanced Persistent threats to provide an idea about the advanced attacks.
Keywords
Advanced Persistent Threats, Attacks, Effects
Full Text:
References
[1] V. N. Harikrishnan, and T. Gireesh Kumar, “Advanced Persistent Threat Analysis using Splunk”, Vol. 118, No. 20, pp. 3761-3768, 2018
[2] Mandian – FireEye Inc, “M-Trends 2015 A View from the Front Lines”, Tech. Rep., 2014.
[3] N. Virvilis and D. Gritzalis, “The Big Four – What We Did Wrong in Advanced Persistent Threat Detection?” In Availability, Reliability and Security (ARES), Eighth International Conference on, Sept 2013, pp. 248–254, 2013.
[4] Splunk Inc., “Splunk for Security: Supporting a Big Data Approach for Security Intelligence”, [Online] Available at: http://www.splunk. com/web_assets/pdfs/secure/Splunk_for_Security.pdf, 2014
[5] Jasek, R.O.M.A.N., M.A.R.T.I.N. Kolarik, and T.O.M.A.S. Vymola, “APT detection system using honeypots”, Proceedings of the 13th International Conference on Applied Informatics and Communications (AIC’13), WSEAS Press. 2013.
[6] Marchetti, and Mirco, et al., “Analysis of high volumes of network traffic for Advanced Persistent Threat detection”, Computer Networks, Vol. 109, pp. 127-141, 2016.
[7] Zhao, and Guodong, et al., “Detecting APT malware infections based on malicious DNS and traffic analysis”, IEEE Access, Vol. 3, pp.1132-1142, 2015
[8] Bilge, and Leyla, et al., “Exposure: Finding Malicious Domains Using Passive DNS Analysis”, NDSS. 2011.
[9] Anastasov, Igor, and DancoDavcev, “SIEM implementation for global and distributed environments”, Computer Applications and Information Systems (WCCAIS), 2014 World Congress on. IEEE, 2014.
[10] Raja, M. Siva Niranjan, and A. R. Vasudevan, “Rule Generation for TCP SYN Flood attack in SIEM Environment”, Procedia Computer Science, Vol. 115, pp. 580-587, 2017.
[11] L. Bilge, E. Kirda, C. Kruegel, and M. Balduzzi, “EXPOSURE: Finding malicious domains using passive DNS analysis”, in Proc. NDSS, 2011.
[12] E. Stalmans and B. Irwin, “A framework for DNS based detection and mitigation of malware infections on a network”, in Proc Inf. Secur.South Africa (ISSA), pp. 1- 8, Aug. 2011.