Evolution of Advanced Persistent Threat (APT) Attacks and Actors

  • Conference paper
New Trends in Computer Technologies and Applications (ICS 2018)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1013)

Abstract

Advanced Persistent Threat (APT) has become one of the most complicated and intractable cyber attacks over the last decade. As APT attacks are conducted through a series of actions that comprise social engineering, phishing, command and control servers, and remote desktop control, conventional anti-virus mechanisms become insufficient because they were designed to cope with traditional stand-alone malware attacks. Furthermore, data transmission from the compromised network to the APT actors is usually well disguised and embedded in normal transmission, complicating the detection of APT attacks to the point that even major anti-virus firms are not sure about the ratio of discovered APT attacks to real attacks. To make things worse, APT actors tend to be well-organized and potentially government-funded groups of hackers and professionals who are capable of developing and maintaining malware specifically made for their own purposes and of interpreting the stolen data. While most efforts in defending against APT attacks focus on related technologies, this research argues the importance of constructing a holistic understanding by analyzing the behaviors and changes of APT attacks and actors. This research aims to understand the evolution of technologies and malware on the one hand and the behavioral changes of attacking groups on the other. By doing so, this research is expected to contribute to constructing a clearer roadmap of APT attacks and actors that cyber security providers can use as a reference.



Author information


Correspondence to Dan-Wei (Marian) Wen.


Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Chen, CM., Lai, GH., Wen, DW. (2019). Evolution of Advanced Persistent Threat (APT) Attacks and Actors. In: Chang, CY., Lin, CC., Lin, HH. (eds) New Trends in Computer Technologies and Applications. ICS 2018. Communications in Computer and Information Science, vol 1013. Springer, Singapore. https://doi.org/10.1007/978-981-13-9190-3_7


  • DOI: https://doi.org/10.1007/978-981-13-9190-3_7

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-9189-7

  • Online ISBN: 978-981-13-9190-3

  • eBook Packages: Computer Science, Computer Science (R0)
