A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems

Şerif Bahtiyar

A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems

Öz

The expansive usage of the Internet has set the stage for advanced persistent threats that has increased costs considerably in cyber space. Most of the time, entities exchange information and they are controlled remotely via many communication systems with a rich connectivity options on the Internet. Intruders accomplish advanced persistent threats by using such a rich connectivity options. These threats are extremely complex and they have unique features. Detecting such threats and corresponding attacks are therefore very difficult that circumstance makes classical intrusion detection systems impossible to deal with them. In this paper, a flow-based approach to detect advanced persistent threats is presented with a new model, namely FD-APT. The approach considers advanced persistent threats based attacks that are carried out with advanced malware. Moreover, FD-APT model distinguishes properties of malware types. The new approach is also analyzed with two case studies to highlight capabilities of FD-APT. The analyses results show that FD-APT helps to detect advanced persistent threats that are based on advanced malware.

Anahtar Kelimeler

Security,Malware; Advanced persistent threat; Attack; Detection; Communication

Kaynakça

[1] Lagazio, M., Sherif, N., Cushman, M. 2014. A multi-level approach to understanding the impact of cyber crime on the financial sector. Computers & Security, 45, 58–74.
[2] Egele, M., Scholte, T., Kirda, E., Kruegel, C. 2012. A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys, 44(February 2012), 6:1–6:42.
[3] Mell, P. M., Kent, K., Nusbaum, J. 2005. Guide to Malware Incident Prevention and Handling., NIST SP, 800-83.
[4] Wood, P. 2016. Internet security threat report”, Tech. rep., Symantec Corporation.
[5] Bahtiyar, Ş. 2016. Anatomy of targeted attacks with smart malware. Security and Communication Networks, 9(18), 6215 – 6226.
[6] Han, X., Tan, Q. 2010. Dynamical behavior of computer virus on Internet. Applied Mathematics and Computation, 217(6), 2520–2526.
[7] Swain, B. 2009. What are malware, viruses, spyware, and cookies, and what differentiates them?. Symantec Tech. rep., 2009.
[8] Mishra, B. K., Pandey, S. K. 2011. Dynamic model of worms with vertical transmission in computer network. Applied Mathematics and Computation, 217(21), 8438–8446.

[9] Anonymous, 2017. Types of malware. Kaspersky Lab Technical Report. https://usa.kaspersky.com/internet-security-center/threats/types-of-malware#.WGQWiFOLTIV (Access: 13.12.2017)
[10] Anonymous, 2017. What is adware?. Kaspersky Lab Technical Report. https://usa.kaspersky.com/internet- security-center/threats/adware#.WGQsn1OLTIU. (Access: 13.12.2017)
[11] Li, Z., Goyal, A., Chen, Y., Paxson, V. 2011. Towards situational awareness of large-scale botnet probing events. IEEE Transactions on Information Forensics and Security, 6(1), 175–188.
[12] Kerr, P. K., Rollins, J., Theohary, C. A. 2010. The stuxnet computer worm: Harbinger of an emerging warfare capability. Technical Report.
[13] Bencsath, B., Pek, G., Gabor, L., Felegyhazi, M. 2011. Duqu: A stuxnet-like malware found in the wild. Technical Report.
[14] Anonymous, 2012. Stuxnet: Opening pandora’s box?, https://cmu95752.wordpress.com/tag/ stuxnet/, 2012 (Access: 24.02.2013)
[15] Combs, M. M. 2012. Impact of the stuxnet virus on industrial control systems. In XIII International forum Modern information society formation - problems, perspectives, innovation approaches, St.-Petersburg, RUSSIA, September 5–10.
[16] Anonymous, 2011. Duqu: The precursor to the next stuxnet, Symantec Technical Report. http://www.symantec.com/outbreak/?id=stuxnet (Access: 24.02.2013)
[17] Tangil, G. S., Tapiador, J. E., Lopez, P. P., Ribagorda, A. 2014. Evolution, Detection and Analysis of Malware for Smart Devices. IEEE Communications Surveys and Tutorials, 16(2), 961—987.
[18] Çetin, E. C. 2017. Identification and Automated Classification of Advanced Malware. BS Graduation Project, Istanbul Technical University, Department of Computer Engineering, İstanbul.

Ayrıntılar

Birincil Dil

Türkçe

Konular

-

Bölüm

-

Yazarlar

Şerif Bahtiyar

Yayımlanma Tarihi

5 Ekim 2018

Gönderilme Tarihi

15 Mart 2018

Kabul Tarihi

-

Yayımlandığı Sayı

Yıl 2018 Cilt: 22

IZ

https://izlik.org/JA53WS59PF

Kaynak Göster

RIS / Bibtex

APA

Bahtiyar, Ş. (2018). A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems. Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi, 22, 519-528. https://izlik.org/JA53WS59PF

AMA

1.Bahtiyar Ş. A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems. Süleyman Demirel Üniv. Fen Bilim. Enst. Derg. 2018;22:519-528. https://izlik.org/JA53WS59PF

Chicago

Bahtiyar, Şerif. 2018. “A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems”. Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi 22 (Ekim): 519-28. https://izlik.org/JA53WS59PF.

EndNote

Bahtiyar Ş (01 Ekim 2018) A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems. Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi 22 519–528.

IEEE

[1]Ş. Bahtiyar, “A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems”, Süleyman Demirel Üniv. Fen Bilim. Enst. Derg., c. 22, ss. 519–528, Eki. 2018, [çevrimiçi]. Erişim adresi: https://izlik.org/JA53WS59PF

ISNAD

Bahtiyar, Şerif. “A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems”. Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi 22 (01 Ekim 2018): 519-528. https://izlik.org/JA53WS59PF.

JAMA

1.Bahtiyar Ş. A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems. Süleyman Demirel Üniv. Fen Bilim. Enst. Derg. 2018;22:519–528.

MLA

Bahtiyar, Şerif. “A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems”. Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi, c. 22, Ekim 2018, ss. 519-28, https://izlik.org/JA53WS59PF.

Vancouver

1.Şerif Bahtiyar. A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems. Süleyman Demirel Üniv. Fen Bilim. Enst. Derg. [Internet]. 01 Ekim 2018;22:519-28. Erişim adresi: https://izlik.org/JA53WS59PF