
A Technology for Detection of Advanced Persistent Threat in Networks and Systems Using a Finite Angular State Velocity Machine and Vector Mathematics

  • Chapter
Computer and Network Security Essentials

Abstract

The aim of this chapter is to apply a previously published state machine engine to the analysis of a system's state variables so that the presence of Advanced Persistent Threat (APT) and other malware can be detected. The Finite Angular State Velocity Machine (FAST-VM; also expanded as Finite Angular State Transition Velocity Machine) models and analyzes large amounts of state information over time, and the ability to do so is a key factor in detecting APT, whose footprint is spread across many individually subtle state changes. Experimentally, the FAST-VM has analyzed 10,000,000 state variable vectors in around 24 ms, which demonstrates the application of "big data" techniques to cyber security. FAST-VM builds on the authors' earlier published work on Spicule. It reduces a high-order set of state variable changes, each of which varies only subtly over time, to a threat analysis that is easy to comprehend and that can also be used to predict future threats. FAST-VM unifies the three major approaches to intrusion detection (anomaly, misuse, and specification based) in a single model. The FAST-VM mathematical analysis engine has shown promise in prediction, classification, and detection, but it has never before been mapped onto a system's state variables; this chapter sets out how to perform that mapping in order to detect APT. Successful development of the technology could affect many areas of computation, especially autonomous vehicles and networks. The chapter presents the theory first and then its application.
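The abstract describes the core idea only in outline: a system's state variables are sampled as vectors over time, and the rate at which those vectors rotate (their angular velocity) is what exposes slow, subtle APT activity. The chapter's own FAST-VM equations are not reproduced on this page, so the following is an added illustration of the generic vector-angle approach written for this page, not the authors' code or the FAST-VM algorithm itself. The state vector layout (failed logins, outbound connections, new processes, privileged operations), the sampling interval, the warm-up length, the mean plus k standard deviations threshold and all sample rows are constructed assumptions chosen to make the behaviour visible; they do not come from the chapter.

```python
import math
from typing import Dict, List, Sequence, Tuple

# Constructed sample data (not from the chapter): one row per sampling interval,
# each row a host state vector of
#   (failed_logins, outbound_connections, new_processes, privileged_ops).
# Rows 0-3 are a quiet baseline, row 4 is a burst of failed logins, row 5 looks
# like beaconing plus lateral movement, and row 6 returns to the baseline level.
SAMPLES: List[Tuple[float, ...]] = [
    (1, 20, 5, 2),
    (2, 22, 4, 2),
    (1, 19, 6, 3),
    (2, 21, 5, 2),
    (40, 25, 6, 2),
    (3, 210, 30, 15),
    (2, 20, 5, 2),
]
DT_SECONDS = 60.0  # assumed sampling interval between consecutive rows
WARMUP = 3         # assumed number of leading transitions used to learn the baseline


def norm(v: Sequence[float]) -> float:
    """Euclidean length of a state vector."""
    return math.sqrt(sum(x * x for x in v))


def angle_between(a: Sequence[float], b: Sequence[float]) -> float:
    """Angle in radians between two state vectors (0 if either is the zero vector)."""
    na, nb = norm(a), norm(b)
    if na == 0.0 or nb == 0.0:
        return 0.0
    cos = sum(x * y for x, y in zip(a, b)) / (na * nb)
    return math.acos(max(-1.0, min(1.0, cos)))  # clamp against rounding drift


def angular_velocity(samples: Sequence[Sequence[float]], dt: float) -> List[float]:
    """Rotation rate of the state vector across each transition i-1 -> i, in rad/s."""
    return [angle_between(samples[i - 1], samples[i]) / dt for i in range(1, len(samples))]


def magnitude_velocity(samples: Sequence[Sequence[float]], dt: float) -> List[float]:
    """Relative rate of change of the state vector's length per transition, in 1/s.

    Kept alongside the angular term because rotation alone is blind to a change
    that scales the vector without turning it.
    """
    out = []
    for i in range(1, len(samples)):
        prev, cur = norm(samples[i - 1]), norm(samples[i])
        out.append(abs(cur - prev) / prev / dt if prev > 0.0 else 0.0)
    return out


def threshold(values: Sequence[float], k: float) -> float:
    """Baseline cut-off: mean + k * population standard deviation of warm-up values."""
    mean = sum(values) / len(values)
    var = sum((v - mean) ** 2 for v in values) / len(values)
    return mean + k * math.sqrt(var)


def flag_transitions(series: Sequence[float], warmup: int, k: float = 3.0) -> List[int]:
    """Sample indices (of the later sample in each transition) whose rate exceeds
    the threshold learned from the first `warmup` transitions."""
    thr = threshold(series[:warmup], k)
    return [i + 1 for i, v in enumerate(series) if i >= warmup and v > thr]


def detect(samples: Sequence[Sequence[float]] = SAMPLES, dt: float = DT_SECONDS,
           warmup: int = WARMUP, k: float = 3.0) -> Dict[str, List[int]]:
    """Run both velocity checks over a state-vector time series."""
    return {
        "angular": flag_transitions(angular_velocity(samples, dt), warmup, k),
        "magnitude": flag_transitions(magnitude_velocity(samples, dt), warmup, k),
    }


if __name__ == "__main__":
    for name, flagged in detect().items():
        print(f"{name:9s} velocity flags samples {flagged}")
```

On the constructed series the angular check flags samples 4 and 5 (the state vector swings towards the failed-login axis and then towards the outbound-connection axis), but not sample 6: the return from the beaconing burst to the quiet baseline barely changes the vector's direction, because both vectors are dominated by the outbound-connection component. The magnitude check flags 4, 5 and 6. That difference is the practical caveat when building on a direction-based model: angular velocity is sensitive to which state variables are moving relative to each other, which is what makes a slow, multi-variable APT footprint visible, but it must be paired with a magnitude or per-component term to catch changes that only rescale the state.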



Author information

Corresponding author: Gregory Vert.

Copyright information

© 2018 Springer International Publishing AG

About this chapter

Cite this chapter

Vert, G., Claesson-Vert, A.L., Roberts, J., Bott, E. (2018). A Technology for Detection of Advanced Persistent Threat in Networks and Systems Using a Finite Angular State Velocity Machine and Vector Mathematics. In: Daimi, K. (eds) Computer and Network Security Essentials. Springer, Cham. https://doi.org/10.1007/978-3-319-58424-9_3


  • DOI: https://doi.org/10.1007/978-3-319-58424-9_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-58423-2

  • Online ISBN: 978-3-319-58424-9
