Abstract
The aim of this chapter is to apply an advanced, journal-published state machine engine to the analysis of state variables in order to detect the presence of Advanced Persistent Threat (APT) and other malware. The Finite Angular State Velocity Machine (FAST-VM) can model and analyze large amounts of state information over a temporal space. The ability to model and analyze large amounts of data over time is a key factor in detecting Advanced Persistent Threat. Experimentally, the FAST-VM has analyzed 10,000,000 state variable vectors in around 24 ms, demonstrating the application of “big data” to the area of cyber security. The Finite Angular State Transition Velocity Machine (FAST-VM) has the capability to address these challenges and is based on previously published work with Spicule. It reduces a high-order set of state variables, whose changes over time are subtle, to a threat analysis that is easy to comprehend and can also predict future threats. FAST-VM unifies the three major areas of IDS (anomaly, misuse, and specification) into a single model. The FAST-VM mathematical analysis engine has shown great computational promise in prediction, classification, and detection, but it has never been mapped to a system’s state variables. This technology seeks to determine how to map the state variables of a system in order to detect APT. Successful technology development in this area could dramatically affect all facets of computation, especially autonomous vehicles and networks. This chapter presents the theory and then the application of this advanced technology.
Copyright information
© 2018 Springer International Publishing AG
Cite this chapter
Vert, G., Claesson-Vert, A.L., Roberts, J., Bott, E. (2018). A Technology for Detection of Advanced Persistent Threat in Networks and Systems Using a Finite Angular State Velocity Machine and Vector Mathematics. In: Daimi, K. (eds) Computer and Network Security Essentials. Springer, Cham. https://doi.org/10.1007/978-3-319-58424-9_3
DOI: https://doi.org/10.1007/978-3-319-58424-9_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-58423-2
Online ISBN: 978-3-319-58424-9
eBook Packages: Engineering (R0)