Advanced Persistent Threat Mitigation Using Multi Level Security - Access Control Framework

The Bring Your Own Device (BYOD) concept has become popular among organizations. However, due to its portability and the information available through social networks, BYOD has become susceptible to information-stealing attacks such as the Advanced Persistent Threat (APT) attack. An APT attack uses tricky methods to gain access to the target's machine, and its motives mostly make it a threat to political, corporate, academic and even military targets. Various mitigation techniques have been proposed to tackle this attack, but most of them rely on available information about the attacks and do not provide data protection. Hence, providing protection against APT attacks is challenging. In this paper, we investigate the available mitigation techniques and their problems in tackling APT attacks by looking at the root cause of the attack inside the BYOD environment. Lastly, based on the information obtained, we propose a new framework for reducing APT attacks.
