Defense-in-Depth Approach for Early Detection of High-Potential Advanced Persistent Attacks

  • Conference paper
Soft Computing: Theories and Applications

Abstract

Cyber security has received a high level of attention because of its criticality and the increasing sophistication of attacks on organizational networks. The number of targeted attacks has risen in recent years. Advanced Persistent Threats (APTs) are the most complex and highly sophisticated attacks in the present scenario. Because of their sophistication, these attacks can bypass the deployed security controls and stealthily infiltrate the targeted internal network. Detecting these attacks is very challenging because they imitate normal behaviour to hide from traditional detection mechanisms. In this paper, we analyze 26 APT campaign reports and show the different methods and techniques used by attackers to carry out these sophisticated attacks. Our research focuses on three levels of investigation of APT campaigns, which yield common characteristics of them, such as whether an APT attack used a zero-day vulnerability or not. Furthermore, based on these characteristics, we propose a novel approach capable of early detection of APTs and also suggest concrete prevention mechanisms that make it possible to identify intrusions as early as possible.



Corresponding author

Correspondence to Ramchandra Yadav.


Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Yadav, R., Verma, R.N., Solanki, A.K. (2019). Defense-in-Depth Approach for Early Detection of High-Potential Advanced Persistent Attacks. In: Ray, K., Sharma, T., Rawat, S., Saini, R., Bandyopadhyay, A. (eds) Soft Computing: Theories and Applications. Advances in Intelligent Systems and Computing, vol 742. Springer, Singapore. https://doi.org/10.1007/978-981-13-0589-4_19
