论文信息 - The Big Four - What We Did Wrong in Advanced Persistent Threat Detection?

The Big Four - What We Did Wrong in Advanced Persistent Threat Detection?

As both the number and the complexity of cyber-attacks continuously increase, it is becoming evident that current security mechanisms have limited success in detecting sophisticated threats. Stuxnet, Duqu, Flame and Red October have troubled the security community due to their severe complexity and their ability to evade detection - in some cases for several years. The significant technical and financial resources needed for orchestrating such complex attacks are a clear indication that perpetrators are well organized and, likely, working under a state umbrella. In this paper we perform a technical analysis of these advanced persistent threats, highlighting particular characteristics and identifying common patterns and techniques. We also focus on the issues that enabled the malware authors to evade detection from a wide range of security solutions and propose technical countermeasures for strengthening our defenses against similar threats.

Dimitris Gritzalis | Nikos Virvilis | D. Gritzalis | Nikos Virvilis

[1] Ralph Langner,et al. Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[2] Levente Buttyán,et al. The Cousins of Stuxnet: Duqu, Flame, and Gauss , 2012, Future Internet.

[3] Costas Lambrinoudakis,et al. Secure Electronic Voting: the Current Landscape , 2003 .

[4] Dimitris Gritzalis,et al. Long-term verifiability of healthcare records authenticity , 2007 .

[5] Dimitris Gritzalis,et al. Long-term verifiability of the electronic healthcare records' authenticity , 2007, Int. J. Medical Informatics.

[6] Levente Buttyán,et al. Duqu: Analysis, Detection, and Lessons Learned , 2012 .

[7] Dimitris Gritzalis,et al. Design of a neural network for recognition and classification of computer viruses , 1995, Comput. Secur..

[8] Thomas M. Chen,et al. Lessons from Stuxnet , 2011, Computer.

[9] Diomidis Spinellis,et al. Evaluating certificate status information mechanisms , 2000, CCS.