A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions

In today's connected digital world, targeted attacks have become one of the most serious threats to conventional computing systems. The advanced persistent threat (APT) is currently one of the most significant threats from an information-security standpoint. An APT persistently collects data from a specific target by exploiting vulnerabilities with diverse attack techniques. Many researchers have contributed approaches and solutions for fighting network intrusion and malicious software, but only a few of these solutions focus specifically on APT. In this paper, we present a structured study of semantic-aware work to identify potential contributions that analyze and detect APT in detail. We propose a modeling phase that describes the typical steps attackers take in an APT campaign to collect the desired information. Our research explores social network and web infrastructure exploitation, communication protocols, and other vectors relevant to future networks and communications. The paper also covers some recent zero-day attacks, use case scenarios, and cyber trends in southeastern countries. To address these challenges and attacks, we introduce a detailed, comprehensive literature evaluation scheme that classifies APT attack behavior and provides countermeasures for it. Finally, we discuss future research directions for an APT defense framework covering the next-generation threat life cycle.
