• DocumentCode
    2129195
  • Title
    The Big Four - What We Did Wrong in Advanced Persistent Threat Detection?
  • Author
    Virvilis, Nikos ; Gritzalis, D.
  • Author_Institution
    Dept. of Inf., Athens Univ. of Econ. & Bus. (AUEB), Athens, Greece
  • fYear
    2013
  • fDate
    2-6 Sept. 2013
  • Firstpage
    248
  • Lastpage
    254
  • Abstract
    As both the number and the complexity of cyber-attacks continuously increase, it is becoming evident that current security mechanisms have limited success in detecting sophisticated threats. Stuxnet, Duqu, Flame and Red October have troubled the security community due to their severe complexity and their ability to evade detection - in some cases for several years. The significant technical and financial resources needed for orchestrating such complex attacks are a clear indication that perpetrators are well organized and, likely, working under a state umbrella. In this paper we perform a technical analysis of these advanced persistent threats, highlighting particular characteristics and identifying common patterns and techniques. We also focus on the issues that enabled the malware authors to evade detection from a wide range of security solutions and propose technical countermeasures for strengthening our defenses against similar threats.
  • Keywords
    invasive software; Duqu; Flame; Red October; Stuxnet; advanced persistent threat detection; cyber-attacks; malware authors; security community; security mechanisms; sophisticated threat detection; state umbrella; Availability; Security; Advanced Persistent Threat; Duqu; Exploitation; Flame; Red October; Stuxnet; Zero Day;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
  • Conference_Location
    Regensburg
  • Type
    conf
  • DOI
    10.1109/ARES.2013.32
  • Filename
    6657248