
A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions

The Journal of Supercomputing

Abstract

In today's connected digital world, targeted attacks have become one of the most serious threats to conventional computing systems. The advanced persistent threat (APT) is currently one of the most important threats from an information security standpoint. An APT persistently collects data from a specific target by exploiting vulnerabilities through diverse attack techniques. Many researchers have contributed approaches and solutions for fighting network intrusion and malicious software; however, only a few of these solutions focus specifically on APT. In this paper, we present a structured study of semantic-aware work in order to identify potential contributions that analyze and detect APT in detail. We propose a modeling phase that describes the typical steps attackers take in an APT attack to collect the desired information. Our research explores the exploitation of social networks and web infrastructure, as well as communication protocols and much more, for future networks and communications. The paper also covers some recent zero-day attacks, use case scenarios and cyber trends in southeastern countries. To address these challenges and attacks, we introduce a detailed, comprehensive literature evaluation scheme that classifies APT attack behavior and provides countermeasures for it. Furthermore, we discuss future research directions for an APT defense framework addressing the next-generation threat life cycle.



Acknowledgments

This work was supported by the Institute for Information and communications Technology Promotion (IITP) Grant funded by the Korea government (MSIP) (No. R-20160222-002755, Cloud based Security Intelligence Technology Development for the Customized Security Service Provisioning).


Correspondence to Jong Hyuk Park.


About this article


Cite this article

Singh, S., Sharma, P.K., Moon, S.Y. et al. A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions. J Supercomput 75, 4543–4574 (2019). https://doi.org/10.1007/s11227-016-1850-4



  • DOI: https://doi.org/10.1007/s11227-016-1850-4
