DocumentCode :
3274219
Title :
Persistent threat pattern discovery
Author :
Quader, Faisal ; Janeja, Vandana ; Stauffer, Justin
Author_Institution :
Dept. of Inf. Syst., UMBC, Baltimore, MD, USA
fYear :
2015
fDate :
27-29 May 2015
Firstpage :
179
Lastpage :
181
Abstract :
Advanced Persistent Threat (APT) is a complex (Advanced) cyber-attack (Threat) against specific targets over long periods of time (Persistent) carried out by nation states or terrorist groups with highly sophisticated levels of expertise to establish entries into organizations, which are critical to a country's socio-economic status. The key identifier in such persistent threats is that patterns are long term, could be high priority, and occur consistently over a period of time. This paper focuses on identifying persistent threat patterns in network data, particularly data collected from Intrusion Detection Systems. We utilize Association Rule Mining (ARM) to detect persistent threat patterns on network data. We identify potential persistent threat patterns, which are frequent but at the same time unusual as compared with the other frequent patterns.
Keywords :
data mining; security of data; APT; ARM; advanced persistent threat; association rule mining; cyber-attack; frequent pattern discovery; intrusion detection systems; network data; persistent threat identification; persistent threat pattern discovery; Association rules; Government; IP networks; Intrusion detection; Advanced Persistent Threat (APT); Association Rule Mining (ARM); Persistent Threat (PT);
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on
Conference_Location :
Baltimore, MD
Print_ISBN :
978-1-4799-9888-3
Type :
conf
DOI :
10.1109/ISI.2015.7165967
Filename :
7165967