TY - GEN
T1 - Automatic recognition of advanced persistent threat tactics for enterprise security
AU - Zou, Qingtian
AU - Singhal, Anoop
AU - Sun, Xiaoyan
AU - Liu, Peng
PY - 2020/3/16
Y1 - 2020/3/16
N2 - Advanced Persistent Threats (APT) has become the concern of many enterprise networks. APT can remain undetected for a long time span and lead to undesirable consequences such as stealing of sensitive data, broken workflow, and so on. To achieve the attack goal, attackers usually leverage specific tactics that utilize a variety of techniques. This paper explores the recognition of APT tactics through synthesized analysis and correlation of data from various sources.We propose a framework for detecting the APT tactics and discuss the application of different APT technique identification methods. Our framework can be used by the security analysts for effective detection of APT attacks. The evaluation of our approach shows that it can detect APT tactics with high accuracy and low false positive rate. Therefore, it can be used for tactic-centric APT detection and effective implementation of cyber security response operations.
AB - Advanced Persistent Threats (APT) has become the concern of many enterprise networks. APT can remain undetected for a long time span and lead to undesirable consequences such as stealing of sensitive data, broken workflow, and so on. To achieve the attack goal, attackers usually leverage specific tactics that utilize a variety of techniques. This paper explores the recognition of APT tactics through synthesized analysis and correlation of data from various sources.We propose a framework for detecting the APT tactics and discuss the application of different APT technique identification methods. Our framework can be used by the security analysts for effective detection of APT attacks. The evaluation of our approach shows that it can detect APT tactics with high accuracy and low false positive rate. Therefore, it can be used for tactic-centric APT detection and effective implementation of cyber security response operations.
UR - http://www.scopus.com/inward/record.url?scp=85082528801&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85082528801&partnerID=8YFLogxK
U2 - 10.1145/3375708.3380314
DO - 10.1145/3375708.3380314
M3 - Conference contribution
T3 - IWSPA 2020 - Proceedings of the 6th International Workshop on Security and Privacy Analytics
SP - 43
EP - 52
BT - IWSPA 2020 - Proceedings of the 6th International Workshop on Security and Privacy Analytics
PB - Association for Computing Machinery, Inc
T2 - 6th ACM International Workshop on Security and Privacy Analytics, IWSPA 2020
Y2 - 18 March 2020
ER -