Advanced Persistent Threat: Detection and Defence

The critical assessment presented in this paper examines existing research on the Advanced Persistent Threat (APT) branch of cyber security, applying the knowledge drawn from that research to discuss, evaluate and offer opinions on the areas under discussion, and drawing on personal experience and knowledge within this field. The synthesis of current literature covers detection capabilities and techniques as well as defensive solutions for organisations with respect to APTs. Higher-tier detection and defensive strategies are of greater importance to larger organisations, especially government departments or organisations whose work affects the public on a large scale. Successful APT attacks can result in the exfiltration of sensitive data, network downtime and the infection of machines that allow remote access from command-and-control (C2) servers. This paper presents a well-rounded analysis of the Advanced Persistent Threat problem and provides well-reasoned conclusions on how to mitigate the security risk.
