
Mobile Advanced Persistent Threat Detection Using Device Behavior (SHOVEL) Framework

  • Conference paper
  • In: Proceedings of the 8th International Conference on Computational Science and Technology

Abstract

This research examines how user behavior on mobile devices contributes to Advanced Persistent Threats (APTs). The literature shows a limited understanding of APTs that originate in user behavior, defined here as any action a user performs on a digital system, with or without malicious intent, that enables an APT attack. As a result, most APT detection solutions are incomplete and fail to mitigate such attacks. This paper therefore proposes a Mobile Advanced Persistent Threat detection framework based on Device Behavior (SHOVEL). It demonstrates how user behavior feeds APT campaigns through social engineering and the attack vectors that follow from it, such as spear phishing, watering-hole attacks, application repackaging, SQL injection, and malware. The proposed detection framework is a novel technique against APTs whose decision-making is self-adaptive, auto-predictive, and auto-reflective, and it is designed to preserve the confidentiality, integrity, and availability (CIA) of sensitive information.
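The abstract treats user behavior as a sequence of actions on the device and proposes detecting APT activity from device behavior, but it does not describe the framework's internals. The following Python is an added illustration of that general idea and is not the SHOVEL framework's code: it learns a per-device baseline as first-order transitions between action types from a window the analyst trusts, then scores a later action sequence by how improbable its transitions are under that baseline, so that a spear-phishing style chain (message link, sideloaded APK, dangerous permission grants) stands out. The action labels, the event sequences, the add-one smoothing and the alert threshold of 2.0 are all constructed assumptions for the example.

```python
"""Device-behavior anomaly scoring over a constructed mobile action log.

Added example, not the SHOVEL framework's code. A device's "normal" behavior is
modelled as counts of action-to-action transitions; a new sequence is scored by
the mean surprise (-log P(next | prev)) of its transitions under that model.
"""
from collections import Counter, defaultdict
from math import log

# Constructed baseline for one device: ordered user actions from a period the
# analyst trusts to be clean. The action labels are an assumed schema.
BASELINE_ACTIONS = [
    "unlock", "open_app:mail", "open_link:https", "lock",
    "unlock", "open_app:chat", "open_app:browser", "open_link:https", "lock",
    "unlock", "open_app:mail", "open_app:browser", "open_link:https", "lock",
    "unlock", "open_app:store", "install:store", "grant:camera", "lock",
    "unlock", "open_app:chat", "lock",
]

# Constructed sequences to score against that baseline.
NORMAL_SEQUENCE = ["unlock", "open_app:mail", "open_link:https", "lock"]

# Constructed spear-phishing style chain: a link opened from a chat message,
# an APK downloaded and sideloaded, then high-impact permissions granted.
SUSPICIOUS_SEQUENCE = [
    "unlock", "open_app:chat", "open_link:http", "download:apk",
    "install:unknown_source", "grant:accessibility", "grant:device_admin", "lock",
]


class TransitionBaseline:
    """First-order model of action transitions with add-one smoothing."""

    def __init__(self, actions):
        self.vocab = set(actions)
        self.counts = defaultdict(Counter)
        for prev, nxt in zip(actions, actions[1:]):
            self.counts[prev][nxt] += 1

    def surprise(self, prev, nxt):
        """Return -log P(nxt | prev); unseen actions or transitions score highest."""
        # One extra slot so an action never seen in the baseline keeps some mass.
        size = len(self.vocab) + 1
        row = self.counts.get(prev, Counter())
        total = sum(row.values())
        return -log((row[nxt] + 1) / (total + size))

    def score(self, sequence):
        """Return (mean surprise, [(prev, nxt, surprise), ...]) for a sequence."""
        steps = [(p, n, self.surprise(p, n)) for p, n in zip(sequence, sequence[1:])]
        mean = sum(s for _, _, s in steps) / len(steps) if steps else 0.0
        return mean, steps


def flag_sequence(model, sequence, threshold=2.0):
    """Score a sequence and return the alert decision with its top contributing steps.

    The threshold is an assumption for the example; in practice it would be
    calibrated on held-out clean windows for the same device.
    """
    mean, steps = model.score(sequence)
    worst = sorted(steps, key=lambda t: t[2], reverse=True)[:3]
    return {"mean_surprise": mean, "alert": mean > threshold, "top_steps": worst}


if __name__ == "__main__":
    model = TransitionBaseline(BASELINE_ACTIONS)
    for name, seq in (("normal", NORMAL_SEQUENCE), ("suspicious", SUSPICIOUS_SEQUENCE)):
        result = flag_sequence(model, seq)
        print(name, "alert=%s mean=%.3f" % (result["alert"], result["mean_surprise"]))
        for prev, nxt, s in result["top_steps"]:
            print("   %-24s -> %-24s %.3f" % (prev, nxt, s))
```

The per-step surprise list is what an analyst actually wants from a behavior-based alert: it points at the transition that drove the score (here the chat-to-plain-HTTP link, followed by the sideload and permission grants) rather than only reporting a number. A first-order model is deliberately simple; it cannot see longer-range structure such as a download that precedes an install several actions later, which is one reason the abstract's adaptive, predictive decision-making is needed beyond a fixed baseline.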



Acknowledgements

This work was supported by the Fundamental Research Grant Scheme (FRGS), Ministry of Higher Education, Malaysia, under Grant FRGS 203.PKOMP.6711931.

Author information

Correspondence to Thulfiqar Jabar or Manmeet Mahinderjit Singh.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Jabar, T., Singh, M.M., Al-Kadhimi, A.A. (2022). Mobile Advanced Persistent Threat Detection Using Device Behavior (SHOVEL) Framework. In: Alfred, R., Lim, Y. (eds) Proceedings of the 8th International Conference on Computational Science and Technology. Lecture Notes in Electrical Engineering, vol 835. Springer, Singapore. https://doi.org/10.1007/978-981-16-8515-6_39
