论文信息 - Flow based analysis of Advanced Persistent Threats detecting targeted attacks in cloud computing

Flow based analysis of Advanced Persistent Threats detecting targeted attacks in cloud computing

Cloud computing provides industry, government, and academic users' convenient and cost-effective access to distributed services and shared data via the Internet. Due to its distribution of diverse users and aggregation of immense data, cloud computing has increasingly been the focus of targeted attacks. Meta-analysis of industry studies and retrospective research involving cloud service providers reveal that cloud computing is demonstrably vulnerable to a particular type of targeted attack, Advanced Persistent Threats (APTs). APTs have proven to be difficult to detect and defend against in cloud based infocommunication systems. The prevalent use of polymorphic malware and encrypted covert communication channels make it difficult for existing packet inspecting and signature based security technologies such as; firewalls, intrusion detection sensors, and anti-virus systems to detect APTs. In this paper, we examine the application of an alternative security approach which applies an algorithm derived from flow based monitoring to successfully detect APTs. Results indicate that statistical modeling of APT communications can successfully develop deterministic characteristics for detection is a more effective and efficient way to protect against APTs.

Andrew Vance

[1] Andrew Vance,et al. Intrusion analysis with deep packet inspection: Increasing efficiency of packet based investigations , 2011, 2011 International Conference on Cloud and Service Computing.

[2] Wei Wang,et al. A Context-Based Detection Framework for Advanced Persistent Threats , 2012, 2012 International Conference on Cyber Security.

[3] Xiaohua Yan,et al. A Early Detection of Cyber Security Threats using Structured Behavior Modeling , 2013 .

[4] Romain Thibault Fontugne,et al. Increasing reliability in network traffic anomaly detection , 2011 .

[5] SkopikFlorian,et al. Combating advanced persistent threats , 2015 .

[6] Ang Li,et al. Fast Anomaly Detection for Large Data Centers , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[7] Jan van den Berg,et al. Systems for Detecting Advanced Persistent Threats: A Development Roadmap Using Intelligent Data Analysis , 2012, 2012 International Conference on Cyber Security.

[8] Florian Skopik,et al. Combating advanced persistent threats: From network event correlation to incident detection , 2015, Comput. Secur..

[9] Edgar Toshiro Yano,et al. Towards a Framework to Detect Multi-stage Advanced Persistent Threats Attacks , 2014, 2014 IEEE 8th International Symposium on Service Oriented System Engineering.

[10] Maik Moeller. Managing Information Security Risks The Octave Approach , 2016 .