Detection and Defense Methods of Cyber Attacks

Chapter in the book MDATA: A New Knowledge Representation Model

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 12647)

Abstract

Cyberspace has been threatened by attacks ever since its birth. With the development of information technologies, especially big data and artificial intelligence, many kinds of cyber attacks emerge every day, causing severe consequences for society. Meanwhile, intelligent defense methods are being proposed to detect these attacks, and attack and defense methods are constantly being renewed. In particular, advanced persistent threats (APTs) are intensifying, and how to effectively prevent this type of attack has become a vital problem in recent years. Detection and defense technologies have made great progress. This chapter mainly discusses the research progress of APT attack detection and defense strategies at home and abroad, and focuses on the practice of using machine learning methods to perform attack detection while also elaborating on traditional attack detection methods. We also introduce game-theory-based defense strategies for finding the best defense strategy under limited resources, dynamic information flow tracking, and cloud platform defense. With the development of knowledge representation, how to use the MDATA model to characterize APT attacks is also discussed in this chapter.


Corresponding author: Aiping Li

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this chapter

Xing, K., Li, A., Jiang, R., Jia, Y. (2021). Detection and Defense Methods of Cyber Attacks. In: Jia, Y., Gu, Z., Li, A. (eds) MDATA: A New Knowledge Representation Model. Lecture Notes in Computer Science, vol. 12647. Springer, Cham. https://doi.org/10.1007/978-3-030-71590-8_11

  • DOI: https://doi.org/10.1007/978-3-030-71590-8_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-71589-2

  • Online ISBN: 978-3-030-71590-8
