Towards a Framework to Detect Multi-Stage Advanced Persistent Threats Attacks
2014 (English). In: Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium, IEEE Computer Society, 2014. Conference paper (Refereed).
Detecting and defending against Multi-Stage Advanced Persistent Threat (APT) attacks is a challenge for mechanisms that are static in nature and based on blacklisting and malware signatures. Blacklists and malware signatures are designed to detect known attacks, but multi-stage attacks are dynamic, conducted in parallel over several attack paths, and can run as multi-year campaigns in order to reach the desired effect. This paper presents the design principles of a framework that models Multi-Stage Attacks in a way that describes both the attack methods and the anticipated effects of the attacks. Behaviors are modeled by combining the Intrusion Kill-Chain attack model with defense patterns (i.e., a hypothesis-based approach built on known patterns). The framework is implemented using Apache Hadoop with a logic layer that supports the evaluation of a hypothesis.
Place, publisher, year, edition, pages
IEEE Computer Society, 2014.
Other Engineering and Technologies
Research subject: Ledningsvetenskap
Identifiers: URN: urn:nbn:se:fhs:diva-5128; ISBN: 978-1-4799-2504-9; OAI: oai:DiVA.org:fhs-5128; DiVA: diva2:777874