DocumentCode :
153251
Title :
Towards a Framework to Detect Multi-stage Advanced Persistent Threats Attacks
Author :
Bhatt, Piyush ; Toshiro Yano, Edgar ; Gustavsson, Per M.
Author_Institution :
Dept. of Electron. & Comput. Eng., Inst. Tecnol. de Aeronaut., São José dos Campos, Brazil
fYear :
2014
fDate :
7-11 April 2014
Firstpage :
390
Lastpage :
395
Abstract :
Detecting and defending against Multi-Stage Advanced Persistent Threat (APT) attacks is a challenge for mechanisms that are static in nature and rely on blacklisting and malware signature techniques. Blacklists and malware signatures are designed to detect known attacks, but multi-stage attacks are dynamic: they are conducted in parallel, use several attack paths, and can be carried out in multi-year campaigns in order to reach the desired effect. In this paper the design principles of a framework are presented that models Multi-Stage Attacks in a way that describes both the attack methods and the anticipated effects of the attacks. Behaviors are modeled by combining the Intrusion Kill-Chain attack model with defense patterns (i.e. a hypothesis-based approach built on known patterns). The framework is implemented using Apache Hadoop with a logic layer that supports the evaluation of a hypothesis.
Keywords :
digital signatures; invasive software; public domain software; APT attacks; Apache Hadoop; attack methods; attack paths; blacklisting; defense patterns; dynamic multistage attacks; hypothesis-based approach; intrusion kill-chain attack model; known-attack pattern detection; logic layer; malware signature techniques; multistage advanced persistent threat attack defence; multistage advanced persistent threat attack detection; Correlation; Malware; Organizations; Sensors; Weapons; APT; Hadoop; Intrusion Kill Chain; Multi-stage Attack;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on
Conference_Location :
Oxford
Type :
conf
DOI :
10.1109/SOSE.2014.53
Filename :
6830935
Link To Document :