Evaluating Advanced Persistent Threats Mitigation Effects: A Review
Year 2018, Volume: 7, Issue: 4, 159 - 171, 01.12.2018
Oluwasegun Ishaya Adelaiye
Aminat Showole
Silas Ageebee Faki
Abstract
Advanced Persistent Threat (APT) is a targeted attack method used by a sophisticated, determined and skilled adversary to maintain undetected access over an extended period for the exfiltration of valuable data. APT poses high threat levels to organizations, especially government organizations. 60% of the problem is the inability to detect penetration using traditional mitigation methods. Numerous studies indicate that vulnerabilities exist in most organizations and, when exploited, will have major financial implications and also affect the organization's reputation. Traditional methods for mitigating threats against security breaches have proved ineffective. This project aims at evaluating the utilization and effectiveness of Advanced Persistent Threat mitigation techniques using existing literature, thereby providing a synopsis on APT. A method-based approach is adopted, reviewing the studies and carrying out a comparative analysis of the methods used in the mitigation of APT. The study compares 25 studies that proposed methods for mitigating the threat; these were filtered from a wide range of research reports published between 2011 and 2017, separating mitigation methods from review articles, threat-identification papers and similar work. These 25 studies were analysed to show the effectiveness of the 12 mitigation methods utilized by the researchers. In mitigating APT, multiple methods are employed by 72% of the researchers. The major methods used in mitigating APT are traffic/data analysis (30%), pattern recognition (21%) and anomaly detection (16%). These three methods work in line with providing effective internal audit, risk management and corporate governance as highlighted in COBIT5, an IT management and governance framework by ISACA.
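The abstract names traffic/data analysis and anomaly detection as the two most used APT mitigation methods, but does not show what such an analysis looks like in practice. The following is an added example, not code from the paper or from any of the reviewed studies: a minimal defender-side detector over outbound flow records that flags (a) hosts whose total outbound volume is a robust statistical outlier against the rest of the fleet, which is the kind of signal an exfiltration leaves, and (b) source/destination pairs that connect at almost perfectly regular intervals, which is the kind of signal long-lived command-and-control keeps. All flow records, host names and IP addresses are constructed sample data; the thresholds (modified z-score above 3.5, interval jitter at most 10%) are assumptions chosen for illustration, not values taken from the review.

```python
"""Added example (not from the paper): a small traffic-analysis / anomaly
detector over outbound flow records. All sample data below is constructed."""
from collections import defaultdict
from statistics import mean, median, pstdev

# Constructed flow records: (timestamp_seconds, src_host, dst_ip, bytes_out).
SAMPLE_FLOWS = []
# ws-01, ws-02, ws-05: modest, irregularly timed web traffic.
for host, stamps in {"ws-01": [0, 340, 1275, 2010],
                     "ws-02": [120, 990, 1600],
                     "ws-05": [45, 700, 2400, 3100]}.items():
    for ts in stamps:
        SAMPLE_FLOWS.append((ts, host, "198.51.100.7", 1500))
# ws-03: one very large outbound transfer (exfiltration look-alike).
SAMPLE_FLOWS.append((1800, "ws-03", "203.0.113.20", 250_000_000))
# ws-04: tiny connections every 600 s to the same address (beacon look-alike).
for i in range(6):
    SAMPLE_FLOWS.append((i * 600 + 7, "ws-04", "203.0.113.10", 400))


def outbound_volume_by_host(flows):
    """Total bytes sent per source host."""
    totals = defaultdict(int)
    for _, src, _, nbytes in flows:
        totals[src] += nbytes
    return dict(totals)


def volume_outliers(flows, threshold=3.5):
    """Hosts whose outbound volume is a robust outlier across the fleet.

    Uses the median / median-absolute-deviation 'modified z-score'
    (0.6745 * (x - median) / MAD) rather than mean / std-dev, because a single
    exfiltrating host inflates the mean and std-dev enough to hide itself
    when the fleet is small. Threshold 3.5 is an assumed, illustrative value.
    """
    totals = outbound_volume_by_host(flows)
    values = list(totals.values())
    med = median(values)
    mad = median([abs(v - med) for v in values])
    if mad == 0:  # all hosts identical; no basis for a deviation score
        return []
    return sorted(h for h, v in totals.items()
                  if 0.6745 * (v - med) / mad > threshold)


def beaconing_hosts(flows, min_connections=4, max_jitter=0.10):
    """(src, dst) pairs that connect at near-constant intervals.

    Computes the gaps between successive connections for each pair and flags
    pairs whose coefficient of variation (std-dev / mean gap) is at most
    max_jitter. Human-driven traffic has irregular gaps; a scheduled beacon
    does not. Both parameters are assumed, illustrative values.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in flows:
        by_pair[(src, dst)].append(ts)
    found = []
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mu = mean(gaps)
        if mu > 0 and pstdev(gaps) / mu <= max_jitter:
            found.append(pair)
    return sorted(found)


def suspicious_hosts(flows):
    """Union of both signals, as a triage list for an analyst."""
    hosts = set(volume_outliers(flows))
    hosts.update(src for src, _ in beaconing_hosts(flows))
    return sorted(hosts)


if __name__ == "__main__":
    print("volume outliers:", volume_outliers(SAMPLE_FLOWS))
    print("beaconing pairs:", beaconing_hosts(SAMPLE_FLOWS))
    print("triage list:   ", suspicious_hosts(SAMPLE_FLOWS))
```

On the constructed data the volume check flags only ws-03 and the interval check flags only the ws-04 to 203.0.113.10 pair; the irregular workstations are not flagged by either. The median/MAD choice matters: with five hosts, a mean-and-standard-deviation z-score can never exceed about 1.8 for any single host, so a conventional z > 2 rule would miss the exfiltrating host entirely, which is one concrete reason the reviewed literature treats anomaly detection as a distinct method with its own design decisions.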