
Surviving advanced persistent threats in a distributed environment – Architecture and analysis

Published in: Information Systems Frontiers

Abstract

Designing robust mission-critical systems demands bringing together fault tolerance and security. The emergence of Advanced Persistent Threats (APTs) has further added to the challenge of meeting mission assurance goals. Despite advances in mission survivability, existing solutions remain ineffective against APTs. In this paper, we propose a novel survivability architecture against APTs in a distributed environment. It combines tamper-resistant, surreptitious detection with node-to-node verification of suspicious events. The solution aims to identify Attacker Intent, Objectives and Strategies (AIOS) and to design targeted recoveries that promote survivability. Its security strength is analyzed theoretically, while its performance and scalability are measured via simulation. Our simulations demonstrate high scalability with respect to network size and application runtime, and the time overhead for long-running applications can be kept under 1 % of the original runtime by carefully adjusting the security strength.



Acknowledgments

This research is supported in part by National Science Foundation Grant No. DGE-1241709. A preliminary version of this paper was presented at the 6th Secure Knowledge Management Conference in Dubai, UAE, December 2014, and a PhD research paper was presented at the 10th International Conference on Cyber Warfare and Security (ICCWS-2015) at Kruger National Park, South Africa, March 2015.

Corresponding author

Correspondence to Shambhu Upadhyaya.


Mehresh, R., Upadhyaya, S. Surviving advanced persistent threats in a distributed environment – Architecture and analysis. Inf Syst Front 17, 987–995 (2015). https://doi.org/10.1007/s10796-015-9569-y
