Context in source publication

Context 1
... data, such as employee PII and salaries. Attack activities performed by this attack group require high sophistication to bypass the defenders' threat detection tools. This attack will have a different signature from the Amateur and Skilled Hacker attacks in terms of skill set, stealthiness, and persistence, as NIST defines an APT [44]. Fig. 6 shows the activities performed by APT attackers by ...

Similar publications

Preprint
The contribution of this paper lies in investigating the product of subgroups as generators of persistent submanifolds. The primary focus is on establishing necessary conditions to ascertain whether the product of subgroups can indeed generate a persistent submanifold. Furthermore, the introduced technique is applied to reevaluate and analyze a pre...

Citations

... For rapid processing, the stored data must be in structured form. This helps the system process data retrieval commands quickly [10]. Beyond the fundamentals of storage policies, CRC-NIDS aims to provide a strategic function for managing its own pre-defined rules [11]. ...
Article
Network-based intrusion detection systems (NIDS) are perceptively distributed devices within computer networks. They aim to passively examine traffic passing through the network on which they are installed. The database is the most vital part of a network intrusion detection system, as all the information derived from NIDS data needs to be saved in a patterned, structured manner. Given the several available types of databases (central databases, distributed databases, operational databases, etc.), it is up to the developer to choose the most suitable one. Data transformation and performance speed are essential features that a stable database must handle. In this paper, we have analyzed the performance of multiple databases to find out the most proficient way to favor NIDS optimization.
... Unraveled [21]: A dataset that deconstructs an assault from the perspectives of both attackers and defenders. The dataset was created by simulating the usual behaviour of employees in a certain target organization in order to bridge the growing gap between real-world datasets and synthetically generated datasets. ...
... APT is defined by three words: (1) Advanced: APT attackers are technologically advanced in their expertise with various attack methods and attack tools. (2) Persistent: APT attackers are tenacious in their pursuit of the attack's goal. (3) Threat: The threat component of APT stems from the possibility of losing sensitive data or mission-critical components [2]. An APT is a highly advanced and focused cyberattack method used by knowledgeable adversaries with substantial resources and skills. ...
... The fundamental goal of an APT is to acquire unauthorized access to sensitive data or systems and to keep it for a long time while avoiding detection. Attackers find it challenging to mount threats against resources in the network traffic [3,4]. To detect APTs in the network, the authors test semi-supervised algorithms on the Dataset for Advanced Persistent Threats (DAPT 2020) and demonstrate that they struggle to identify attack traffic at different stages of an advanced persistent threat [5,6]. ...
Article
Advanced Persistent Threat (APT) attacks pose significant challenges for AI models in detecting and mitigating sophisticated and highly effective cyber threats. This research introduces a novel concept called Hybrid HHOSSA which is the grouping of Harris Hawk Optimization (HHO) and Sparrow Search Algorithm (SSA) characteristics for optimizing the feature selection and data balancing in the context of APT detection. In addition, the light GBM as well as the weighted average Bi-LSTM are optimized by the proposed hybrid HHOSSA optimization. The HHOSSA-based attribute selection is used to choose the most important attributes from the provided dataset in the early step of the quasi-identifier detection. The HHOSSA-SMOTE algorithm effectively balances the unbalanced data, such as the lateral movements and the data exfiltration in the DAPT 2020 database, which further improves the classifier performance. The light GBM and the Bi-LSTM classifier hyperparameters are well attuned and classified by the HHOSSA optimization for the precise classification of the attacks. The outcome of both the optimized light GBM and the Bi-LSTM classifier generates the final prediction of the attacks existing in the network. According to the research findings, the HHOSSA-hybrid classifier achieves high accuracy in detecting attacks, with an accuracy rate of 94.468 %, a sensitivity of 94.650 %, and a specificity of 95.230 % with a K-fold value of 10. Also, the HHOSSA-hybrid classifier achieves the highest AUC percentage of 97.032, highlighting its exceptional performance in detecting APT attacks.
... There is a lack of robust attack datasets that can help detect sophisticated attacks, such as APTs [6,39]. The use of deception-based attacks for some recent datasets, such as DAPT2020 [40] and Unraveled [41], targeted a general class of APT attacks, by simulating the threat vectors used in APT attacks. As the scale of web infrastructure and web technologies expands, it will become difficult for security researchers to generate real attack samples by using attack simulations. ...
... As the scale of web infrastructure and web technologies expands, it will become difficult for security researchers to generate real attack samples by using attack simulations. This research proposes complementing datasets such as DAPT2020 [40], and Unraveled [41], by generating fake attack data from real attack samples. GANs can create adversarial examples that mimic sophisticated attack techniques, as we have demonstrated in this research. ...
Article
The web application market has shown rapid growth in recent years. The expansion of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) has created new web-based communication and sensing frameworks. Current security research utilizes source code analysis and manual exploitation of web applications to identify security vulnerabilities, such as Cross-Site Scripting (XSS) and SQL Injection, in these emerging fields. The attack samples generated as part of web application penetration testing on sensor networks can be easily blocked using Web Application Firewalls (WAFs). In this research work, we propose an autonomous penetration testing framework that utilizes Generative Adversarial Networks (GANs). We overcome the limitations of vanilla GANs by using conditional sequence generation. This technique helps in identifying key features for XSS attacks. We trained a generative model based on attack labels and attack features. The attack features were identified using semantic tokenization, and the attack payloads were generated using a conditional sequence GAN. The generated attack samples can be used to test web applications protected by WAFs in an automated manner. This model scales well on a large-scale web application platform, and it saves the significant effort invested in manual penetration testing.
... APTs are sophisticated and targeted attacks usually perpetrated by well-funded and organized groups. They involve long-term infiltration, espionage, and data exfiltration, with the aim of gaining unauthorized access to sensitive information [26]-[28]. ...
Article
Organizational information security is a critical concern in today's interconnected and data-driven world. With the increasing frequency and sophistication of cyber threats, organizations face significant risks to the confidentiality, integrity, and availability of their sensitive information. This paper provides an overview of the key aspects and challenges related to organizational information security. It highlights the importance of implementing robust security measures, such as firewalls, intrusion detection systems, encryption technologies, and secure coding practices, to protect against external threats. It also demonstrates the need for continuous monitoring, threat intelligence sharing, and incident response capabilities to detect and respond to security incidents effectively. This survey shows the importance of user awareness, training, and adherence to security policies and procedures. In addition, the significance of establishing a security-centric culture within organizations to mitigate the risk of insider threats and promote a strong security posture is discussed. The evolving threat landscape, including challenges associated with advanced persistent threats, zero-day vulnerabilities, and the security of emerging technologies such as IoT and AI, is highlighted, together with the need for ongoing research and innovation to address these challenges and enhance the effectiveness of preventive measures.
... However, unfortunately, to the best of our knowledge, there is still no standard dataset about past APT attack cases. While there are existing datasets [83], [84], [85] that simulate APT attacks, they have several limitations. First, they are based on host and network logs, so they are dependent on a certain network environment. ...
Article
Since cyberattacks have become sophisticated in the form of advanced persistent threats (APTs), predicting and defending against APT attacks has drawn a lot of attention. Although there have been related studies such as attack graphs, Hidden Markov Models, and Bayesian networks, they have four representative limitations: (i) non-standard attack modeling, (ii) lack of data-driven approaches, (iii) absence of a real-world APT dataset, and (iv) high system dependency. In this paper, we propose the Bayesian ATT&CK Network (BAN), which is based on a system-independent, data-driven approach. Specifically, BAN is based on a Bayesian network, which adopts structure learning and parameter learning to model APT attackers with the MITRE ATT&CK® framework. The trained BAN aims to predict upcoming attack techniques and derives corresponding countermeasures. In addition, we prepare datasets via both automatic and manual labeling to overcome the data insufficiency issues of APT prediction. Experimental results show that BAN successfully contributes to handling APT attacks, given the best parameters extracted from extensive evaluations.