Abstract
Recent technological innovations and new-age computing models in IT infrastructure, such as faster bandwidth, cloud computing, mobile computing and virtualization, have all but dissolved the boundary between the traditional on-premise enterprise security perimeter and the internet. This has created a data-rich digital era, which in turn presents an excellent opportunity for hackers and threat vectors, leading to cybercrime. Cybercrime has in fact grown at its fastest pace in the last few years. An Advanced Persistent Threat (APT) is a highly sophisticated threat. Initially, such attacks focused on and targeted only government, state or financial institutions. However, recent breach reports and studies indicate a trend of APTs affecting a wider range of domains. This chapter takes a critical look at the impact of and incidents caused by advanced persistent threats, and at the advanced evasion techniques for packing, encryption and behaviour obfuscation that APT attacks use to hide their malicious behaviour and evade detection.
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
Bhardwaj, A. (2021). Cybersecurity Incident Response Against Advanced Persistent Threats (APTs). In: Bhardwaj, A., Sapra, V. (eds) Security Incidents & Response Against Cyber Attacks. EAI/Springer Innovations in Communication and Computing. Springer, Cham. https://doi.org/10.1007/978-3-030-69174-5_9
DOI: https://doi.org/10.1007/978-3-030-69174-5_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-69173-8
Online ISBN: 978-3-030-69174-5
eBook Packages: Engineering (R0)