Anticipating Advanced Persistent Threat (APT) countermeasures using collaborative security mechanisms

Information and communication security has gained importance as information systems have become more widespread and their deployments more sophisticated and complex. At the same time, intruder groups practise increasingly sophisticated and stealthy techniques to penetrate these systems and evade attack detection. One such threat to all critical assets of an organization is the Advanced Persistent Threat (APT). Because the attack vector of an APT is not previously known, it can harm an organization's assets before a patch for the underlying security flaw is released or available. This paper presents a preliminary research effort to counter APT or zero-day attacks at an early stage by detecting the malware they employ. An open-source Security Information and Event Management (SIEM) system is used to detect a denial-of-service attack launched through the remote desktop service. The framework presented in this paper also shows the efficiency of the technique, and it can be enhanced with more sophisticated mechanisms for APT attack detection.
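The abstract does not give the SIEM correlation rule it used. The following is an added example, not the paper's implementation and not the configuration of any particular SIEM product, showing the kind of threshold rule an open-source SIEM applies to catch a connection flood against the remote desktop service: count inbound connection attempts to TCP port 3389 per source address over a sliding time window and raise one alert per source that crosses the threshold. The log format, field names, threshold and window size are assumptions, and the log lines are constructed in the script.

```python
"""Sliding-window threshold rule for a remote desktop (TCP 3389) connection flood.

Added example. The syslog-style record layout, the 20-attempts-in-60-seconds
threshold and the sample traffic are assumptions, not the paper's SIEM setup.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed firewall record layout: "<ISO-8601 UTC> <host> CONN src=.. dst=.. dport=.. proto=.."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) CONN src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one record into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["dport"] = int(ev["dport"])
    return ev


def detect_rdp_flood(lines, threshold=20, window_seconds=60):
    """Return [(src, window_start, count)] for each source that makes at least
    `threshold` TCP connection attempts to port 3389 within `window_seconds`.
    Input lines must be in chronological order; each source is alerted once."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src -> timestamps still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["dport"] != 3389 or ev["proto"] != "tcp":
            continue  # malformed or not remote desktop traffic
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()  # drop attempts that fell out of the window
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append((ev["src"], q[0], len(q)))
    return alerts


def build_sample_logs():
    """Constructed traffic: an admin, a slow scanner that stays under the
    per-window threshold, a flood source, plus a non-RDP line and a malformed line."""
    base = datetime(2024, 1, 10, 10, 0, 0)
    lines = []

    def conn(t, src, dport=3389, proto="tcp"):
        stamp = t.strftime("%Y-%m-%dT%H:%M:%SZ")
        lines.append(f"{stamp} fw01 CONN src={src} dst=192.0.2.10 dport={dport} proto={proto}")

    for i in range(3):  # legitimate admin: three sessions over ten minutes
        conn(base + timedelta(minutes=5 * i), "198.51.100.7")
    for i in range(25):  # slow scanner: 25 attempts spaced 90 s apart
        conn(base + timedelta(seconds=90 * i), "198.51.100.9")
    for i in range(25):  # flood: 25 attempts in 25 seconds
        conn(base + timedelta(minutes=20, seconds=i), "203.0.113.5")
    conn(base + timedelta(minutes=20), "203.0.113.5", dport=443)  # ignored: not 3389
    lines.append("this line is not a CONN record")                 # ignored: malformed
    return "\n".join(sorted(lines))  # fixed-width ISO timestamps sort chronologically


if __name__ == "__main__":
    for src, start, count in detect_rdp_flood(build_sample_logs().splitlines()):
        print(f"ALERT rdp-flood src={src} first={start.isoformat()} attempts={count}")
```

The rule deliberately alerts on the twentieth attempt rather than waiting for the window to close, so an analyst sees the flood while it is still running; the same window-and-threshold shape is what an anomaly baseline or a more elaborate APT correlation would refine.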
