A technical characterization of APTs by leveraging public resources-Reference-Cited by-同舟云学术

A technical characterization of APTs by leveraging public resources

Published:2023-06-15 Issue:6 Volume:22 Page:1567-1584
ISSN:1615-5262
Container-title:International Journal of Information Security
language:en
Short-container-title:Int. J. Inf. Secur.

Author:

González-Manzano Lorena,de Fuentes José M.,Lombardi Flavio,Ramos Cristina

Abstract

AbstractAdvanced persistent threats (APTs) have rocketed over the last years. Unfortunately, their technical characterization is incomplete—it is still unclear if they are advanced usages of regular malware or a different form of malware. This is key to develop an effective cyberdefense. To address this issue, in this paper we analyze the techniques and tactics at stake for both regular and APT-linked malware. To enable reproducibility, our approach leverages only publicly available datasets and analysis tools. Our study involves 11,651 regular malware and 4686 APT-linked ones. Results show that both sets are not only statistically different, but can be automatically classified with F1 > 0.8 in most cases. Indeed, 8 tactics reach F1 > 0.9. Beyond the differences in techniques and tactics, our analysis shows thats actors behind APTs exhibit higher technical competence than those from non-APT malwares.

Funder

Universidad Carlos III

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Safety, Risk, Reliability and Quality,Information Systems,Software

Link

https://link.springer.com/content/pdf/10.1007/s10207-023-00706-x.pdf

Reference54 articles.

1. Daly, M.K.: Advanced persistent threat. Usenix 4(4), 2013–2016 (2009)

2. Lake, J.: What is an advanced persistent threat (APT), with examples [Online] (2022). https://www.comparitech.com/blog/information-security/advanced-persistent-threat/. Last accessed May

3. Kaspersky. Advanced Persistent Threats in 2020: abuse of personal information and more sophisticated attacks are coming [Online]. https://www.kaspersky.com/about/press-releases/2019_advanced-persistent-threats-in-2020-abuse-of-personal-informationand-more-sophisticated-attacks-are-coming. Last accessed May 2022

4. Smiliotopoulos, C., Barmpatsalou, K., Kambourakis, G.: Revisiting the detection of lateral movement through Sysmon. Appl. Sci. 12(15), 7746 (2022)

5. Berady, A., Jaume, M., Tong, V.V.T., Guette, G.: From TTP to IoC: advanced persistent graphs for threat hunting. IEEE Trans. Netw. Serv. Manage. 18(2), 1321–1333 (2021)

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. APT-scope: A novel framework to predict advanced persistent threat groups from enriched heterogeneous information network of cyber threat intelligence;Engineering Science and Technology, an International Journal;2024-09

2. The awareness of operators: a goal-directed task analysis in SOCs for critical infrastructure;International Journal of Information Security;2024-07-19

3. Detecting APT Using Machine Learning: Comparative Performance Analysis With Proposed Model;SoutheastCon 2024;2024-03-15

4. Detecting lateral movement: A systematic survey;Heliyon;2024-02

5. Unraveling Network-Based Pivoting Maneuvers: Empirical Insights and Challenges;Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering;2024