A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems

Year 2018, Volume: 22 Issue: Special, 519 - 528, 05.10.2018

Abstract

The expansive usage of the Internet has set the stage for advanced persistent threats, which have considerably increased costs in cyberspace. Most of the time, entities exchange information and are controlled remotely through many communication systems that offer rich connectivity options on the Internet. Intruders carry out advanced persistent threats by exploiting these rich connectivity options. Such threats are extremely complex and have unique features. Detecting them and their corresponding attacks is therefore very difficult, which makes it impossible for classical intrusion detection systems to deal with them. In this paper, a flow-based approach to detecting advanced persistent threats is presented with a new model, namely FD-APT. The approach considers attacks based on advanced persistent threats that are carried out with advanced malware. Moreover, the FD-APT model distinguishes the properties of malware types. The new approach is also analyzed with two case studies to highlight the capabilities of FD-APT. The analysis results show that FD-APT helps to detect advanced persistent threats that are based on advanced malware.


Details

Journal Section: Articles

Author: Şerif Bahtiyar

Publication Date: October 5, 2018

Published in Issue: Year 2018, Volume: 22, Issue: Special

Cite

APA Bahtiyar, Ş. (2018). A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems. Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi, 22, 519-528.

e-ISSN: 1308-6529