Abstract
Advanced Persistent Threat (APT), with its deep concealment, has become one of the most serious network attacks. Modeling the APT attack process can facilitate APT analysis and detection. However, existing modeling approaches neither reflect the APT attack dynamically nor take the human factor into consideration. To achieve this, we propose a Targeted Complex Attack Network (TCAN) model for the APT attack process. Compared with current models, our model addresses the human factor by constructing a two-layer network structure. In addition, our model introduces the time domain to expand the traditional attack graph into a dynamic attack network. Furthermore, we propose dynamic evolution rules based on complex network theory and the characteristics of actual attack scenarios. Our simulation results show that the model can express the attack process effectively.
Acknowledgments
This work is supported by the National Natural Science Foundation of China (Grant Nos. 61572115, 61502086 and 61402080) and the Chinese Postdoctoral Science Foundation (Grant No. 2014M562307).
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Niu, W., Zhan, X., Li, K., Yang, G., Chen, R. (2016). Modeling Attack Process of Advanced Persistent Threat. In: Wang, G., Ray, I., Alcaraz Calero, J., Thampi, S. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2016. Lecture Notes in Computer Science, vol 10066. Springer, Cham. https://doi.org/10.1007/978-3-319-49148-6_32
DOI: https://doi.org/10.1007/978-3-319-49148-6_32
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49147-9
Online ISBN: 978-3-319-49148-6
eBook Packages: Computer Science (R0)