
Modeling Attack Process of Advanced Persistent Threat

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10066)

Abstract

Advanced Persistent Threat (APT), with its deep concealment, has become one of the most serious network attacks. Modeling the APT attack process can facilitate APT analysis and detection. However, existing modeling approaches neither reflect APT attacks dynamically nor take the human factor into consideration. To achieve this, we propose a Targeted Complex Attack Network (TCAN) model for the APT attack process. Compared with current models, our model addresses the human factor by constructing a two-layer network structure. In addition, our model introduces the time domain to expand the traditional attack graph into a dynamic attack network. What's more, we propose dynamic evolution rules based on complex network theory and the characteristics of actual attack scenarios. Our simulation results show that the model can express the attack process effectively.



Acknowledgments

This work is supported by the National Natural Science Foundation of China (Grant Nos. 61572115, 61502086 and 61402080) and the Chinese Postdoctoral Science Foundation (Grant No. 2014M562307).

Corresponding author

Correspondence to Xiaosong Zhan.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Niu, W., Zhan, X., Li, K., Yang, G., Chen, R. (2016). Modeling Attack Process of Advanced Persistent Threat. In: Wang, G., Ray, I., Alcaraz Calero, J., Thampi, S. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2016. Lecture Notes in Computer Science, vol 10066. Springer, Cham. https://doi.org/10.1007/978-3-319-49148-6_32

  • DOI: https://doi.org/10.1007/978-3-319-49148-6_32

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49147-9

  • Online ISBN: 978-3-319-49148-6

  • eBook Packages: Computer Science, Computer Science (R0)
