ABSTRACT
Situational awareness is significant for cyber security: it helps researchers and security analysts obtain a comprehensive and accurate picture of the network security situation. Advanced Persistent Threat (APT) attacks can cause severe consequences in cyberspace, and detecting such attacks has become a very important part of cyber security situational awareness. Since several APT attacks may belong to the same group, many countries and organizations have established databases of APT groups, for example by adopting a knowledge graph (KG) to represent the knowledge. However, cyberspace security knowledge varies in its temporal and spatial characteristics (attack techniques, for instance, are updated very frequently), and a traditional KG cannot represent such knowledge in a timely way. To address this problem, the MDATA (Multi-dimensional Data Association and inTelligent Analysis) model was proposed in [1] as a supplement to and improvement on the traditional KG. In this paper, we introduce an APT group knowledge model based on MDATA, which adds the spatial-temporal characteristics of APT groups. We also analyze how this knowledge model can help address the challenges of APT attack awareness.
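The abstract's central point is that a plain knowledge graph records a fact such as "group G uses technique T" without saying when or where it held, so once a group retires a technique the graph keeps returning stale answers. The following added example (not code from the paper or from the MDATA project; it does not reproduce MDATA's actual data structures) illustrates the difference with a minimal temporal-spatial fact store: each triple carries a validity interval and an optional region, and queries are evaluated at a point in time. The group name, technique labels, sectors and regions are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass(frozen=True)
class Fact:
    """A KG triple extended with temporal validity and an optional spatial scope.
    valid_to=None means the fact is still considered current."""
    subject: str
    predicate: str
    obj: str
    valid_from: date
    valid_to: Optional[date]
    region: Optional[str] = None


class TemporalKG:
    def __init__(self) -> None:
        self.facts: List[Fact] = []

    def add(self, fact: Fact) -> None:
        self.facts.append(fact)

    def retire(self, subject: str, predicate: str, obj: str, when: date) -> bool:
        """Close the validity interval of an open fact instead of deleting it,
        so historical queries still see it and current queries no longer do."""
        for i, f in enumerate(self.facts):
            if (f.subject, f.predicate, f.obj) == (subject, predicate, obj) and f.valid_to is None:
                self.facts[i] = Fact(f.subject, f.predicate, f.obj, f.valid_from, when, f.region)
                return True
        return False

    def at(self, when: date, region: Optional[str] = None) -> List[Fact]:
        """Facts valid at time `when`; facts without a region apply everywhere."""
        return [
            f for f in self.facts
            if f.valid_from <= when
            and (f.valid_to is None or when < f.valid_to)
            and (region is None or f.region is None or f.region == region)
        ]

    def objects(self, subject: str, predicate: str, when: date,
                region: Optional[str] = None) -> List[str]:
        return sorted({f.obj for f in self.at(when, region)
                       if f.subject == subject and f.predicate == predicate})


def build_sample_kg() -> TemporalKG:
    """Constructed sample data for a hypothetical group 'GroupX'."""
    kg = TemporalKG()
    kg.add(Fact("GroupX", "uses_technique", "phishing-lure", date(2018, 1, 1), None))
    kg.add(Fact("GroupX", "uses_technique", "macro-dropper", date(2018, 1, 1), None))
    kg.add(Fact("GroupX", "targets_sector", "energy", date(2019, 3, 1), None, region="EU"))
    kg.add(Fact("GroupX", "targets_sector", "finance", date(2019, 3, 1), None, region="APAC"))
    # In mid-2020 the group is observed switching loaders: the old fact is
    # closed rather than overwritten, and the new one opened.
    kg.retire("GroupX", "uses_technique", "macro-dropper", date(2020, 6, 1))
    kg.add(Fact("GroupX", "uses_technique", "lnk-loader", date(2020, 6, 1), None))
    return kg


def techniques_at(kg: TemporalKG, group: str, when: date) -> List[str]:
    """Temporal answer: what the group was using on a given date."""
    return kg.objects(group, "uses_technique", when)


def flat_view(kg: TemporalKG, group: str) -> List[str]:
    """What a traditional KG without validity intervals would answer:
    every technique ever attached to the group, current or not."""
    return sorted({f.obj for f in kg.facts
                   if f.subject == group and f.predicate == "uses_technique"})


if __name__ == "__main__":
    kg = build_sample_kg()
    print("2019:", techniques_at(kg, "GroupX", date(2019, 1, 1)))
    print("2021:", techniques_at(kg, "GroupX", date(2021, 1, 1)))
    print("flat:", flat_view(kg, "GroupX"))
    print("EU sectors 2020:", kg.objects("GroupX", "targets_sector", date(2020, 1, 1), "EU"))
```

The same query on the same store gives different, date-correct answers, while the flat view cannot tell an analyst that the macro-based loader is no longer expected; that is the gap the abstract attributes to a traditional KG and the reason for attaching temporal and spatial dimensions to group knowledge.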
REFERENCES
- Y. Jia, B. Fang, Z. Gu, et al. (2020). Network Security Situation Awareness. ISBN 9787121394843.
- B. Fang, Y. Jia, X. Li, A. Li, and X. Wu (2017). Big Search in Cyberspace. IEEE Transactions on Knowledge and Data Engineering.
- Z.H. Gong and Y. Zhou (2010). Research on cyberspace situational awareness. Journal of Software, 21(7), pp. 1605--1619.
- Y. Cheng, Y. Sagduyu, J. Deng, J. Li, and P. Liu (2012). Integrated situational awareness for cyber attack detection, analysis, and mitigation. https://doi.org/10.1117/12.919261
- Y. Jia, Y. Qi, H. Shang, et al. (2018). A Practical Approach to Constructing a Knowledge Graph for Cybersecurity. Engineering, 4(1), pp. 53--60.
- M. Iannacone, S. Bohn, G. Nakamura, et al. (2015). Developing an Ontology for Cyber Security Knowledge Graphs. https://doi.org/10.1145/2746266.2746278
- A. Piplai, S. Mittal, A. Joshi, et al. (2019). Creating Cybersecurity Knowledge Graphs from Malware After Action Reports. https://ebiquity.umbc.edu/paper/html/id/872/Creating-Cybersecurity-Knowledge-Graphs-from-Malware-After-Action-Reports
- Y. Qi, R. Jiang, Y. Jia, and A. Li. An APT Attack Analysis Framework Based on Self-define Rules and Mapreduce. https://ieeexplore.ieee.org/abstract/document/9172855
- T. Debatty, W. Mees, and T. Gilon (2018). Graph-based APT detection. International Conference on Military Communications and Information Systems (ICMCIS), pp. 1--8.
- P. Giura and W. Wang (2012). A Context-Based Detection Framework for Advanced Persistent Threats. International Conference on Cyber Security, pp. 69--74.