Figure 1 - uploaded by Khalid Abdulrazzaq Alminshid
APT attack process. source: [22]


Source publication
So far, APT (Advanced Persistent Threats) is a constant concern for information security. Many approaches have been used to detect APT attacks, such as change control, sandboxing and network traffic analysis. However, 100% success could not be achieved. Current studies have illustrated that APTs adopt many complex techn...

Contexts in source publication

Context 1
... all APTs have a common characteristic of passing through the same stages to reach their target. Figure 1 shows the APT attack process, which can be summarized as follows:
1. Intelligence gathering: infiltrate the company's network.
2. Initial exploitation: install the required malware.
3. Command and control: the infiltrating malware searches for other vulnerabilities and for further command and control. ...


Citations

... Alminshid and Omar [10] summarised several APT attack models and proposed one that merges the typical attack stages generally present in APT attacks. ...
... Pivot tunnel average traffic (PPS) 10 of FPR with 1000 PPS. During the experiment with P_piv values of 10 and 25, the amount of traffic was not sufficient to feed the algorithm in the defined time window, resulting in an insufficient data sample error, confirming the adequacy of PBE again. ...
Advanced cyber attackers often 'pivot' through several devices in such complex infrastructure to obfuscate their footprints and overcome connectivity restrictions. However, prior pivot attack detection strategies present concerning limitations. This paper addresses an improvement of cyber defence with APIVADS, a novel adaptive pivoting detection scheme based on traffic flows to determine cyber adversaries' presence based on their pivoting behaviour in simple and complex interconnected networks. Additionally, APIVADS is agnostic regarding transport and application protocols. The scheme is optimized and tested to cover remotely connected locations beyond a corporate campus's perimeters. The scheme considers a hybrid approach between decentralized host-based detection of pivot attacks and a centralized approach to aggregate the results to achieve scalability. Empirical results from our experiments show the proposed scheme is efficient and feasible. For example, a 98.54% detection accuracy near real-time is achievable by APIVADS differentiating ongoing pivot attacks from regular enterprise traffic as TLS, HTTPS, DNS and P2P over the internet.
... Although many approaches have been used to detect APT attacks, complete success has not been achieved yet. This is because APTs adopt many complex techniques to evade all detection types [10]. Detection methods for APTs can be classified into: anomaly detection, detection by pattern matching, game-based detection, sandboxing techniques, and graph-based detection. ...
... Attack graphs are useful in analyzing and visualizing the attack path taken by the attacker. They also help in estimating the attack's cost, in addition to recognizing the most critical system zones [10]. The potential vulnerability of a network to attacks that use privilege escalation and lateral movement can be evaluated using graph metrics. ...