A systematic literature review on advanced persistent threat behaviors and its detection strategy

Author:

Che Mat Nur Ilzam (1), Jamil Norziana (2, 1), Yusoff Yunus (1), Mat Kiah Miss Laiha (3)

Affiliation:

1. Institute of Informatics and Computing in Energy (IICE) and College of Computing and Informatics, University Tenaga Nasional, 43000 Kajang, Malaysia

2. College of IT, United Arab Emirates University, P.O. Box 15551, Al Ain, Abu Dhabi, UAE

3. Faculty of Computer Science and Information Technology, University of Malaya, 50603 Kuala Lumpur, Malaysia

Abstract

Advanced persistent threats (APTs) pose significant security challenges to organizations owing to their sophisticated and persistent nature, and they undermine the confidentiality, integrity, and availability of organizational information and services. This study systematically reviews the literature on methods of detecting APTs by comprehensively surveying research in the area, identifying gaps in the relevant studies, and proposing directions for future work. We provide a detailed analysis of current APT detection methods that are based on multi-stage attack behaviors. We adhered to the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines and conducted an extensive search of a variety of databases. A total of 45 studies, encompassing sources from both academia and industry, were considered in the final analysis. The findings reveal that APTs are able to propagate laterally and achieve their objectives by identifying and exploiting existing vulnerabilities in the target systems. Having identified shortcomings in prevalent APT detection methods, we propose integrating the multi-stage attack behaviors of APTs with an assessment of which vulnerabilities are present in the network and how susceptible they are to exploitation, in order to improve the accuracy of APT identification. Such an improved approach uses vulnerability scores and probability metrics to determine the probable sequence of targeted nodes and visualizes the path of an APT attack. This advanced detection technique enables early identification of the most likely targets, which in turn allows proactive measures to be implemented before the network is compromised further. The research contributes to the literature by highlighting the importance of integrating multi-stage attack behaviors, vulnerability assessment, and visualization techniques for APT detection in order to enhance the overall security of organizations.

Funder

UAEU

Ministry of Higher Education, Malaysia

Publisher

Oxford University Press (OUP)


Cited by 3 articles.

1. A novel approach for predicting the spread of APT malware in the network;Applied Intelligence;2024-09-11

2. A Detection Android Cybercrime Model utilizing Machine Learning Technology;Engineering, Technology & Applied Science Research;2024-08-02

3. Security Considerations in Generative AI for Web Applications;Advances in Information Security, Privacy, and Ethics;2024-07-26
