
Proposed Approach for Targeted Attacks Detection

Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 362)


For years, governments, organizations and companies have made great efforts to keep hackers, malware and cyber attacks at bay, with varying degrees of success. Meanwhile, cyber criminals and miscreants have developed more advanced techniques to compromise Internet infrastructure. A targeted attack, or advanced persistent threat (APT) attack, is a newer challenge: it aims to accomplish a specific goal, most often espionage. APTs are presently the biggest threat to governments and organizations. This paper states research questions and proposes a novel approach: an intrusion detection system that processes network traffic and is able to detect a potential APT attack. Detection of an APT attack is based on the correlation between the events produced as outputs of our detection methods, where each detection method aims to detect one technique used in one of the APT attack steps.
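The abstract describes the architecture only at a high level: several independent detection methods each emit an event when they see one technique, and an APT alert is raised by correlating those events. The sketch below is an added illustration of that pipeline, not code from the paper. The concrete detection methods (a blacklisted-domain lookup on DNS queries, a DGA-looking-domain heuristic, blacklisted and Tor-relay destination IPs, a blacklisted TLS certificate hash), the input record format, the threat lists and the correlation rule (alert on a host once events from at least two distinct methods fall inside a one-hour window) are all assumptions made for the example; the indicator values are constructed placeholders.

```python
"""Event-correlation sketch for multi-step targeted-attack detection.

Added illustration, not the paper's code. Detection methods, record
format, threat lists and the correlation rule are assumptions.
"""
import math
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

WINDOW_SECONDS = 3600   # correlation window (assumption)
MIN_TECHNIQUES = 2      # distinct methods needed for an alert (assumption)

# Constructed placeholder threat lists; not real indicators.
BLACKLISTED_DOMAINS = {"update-check.example", "cdn-sync.example"}
BLACKLISTED_IPS = {"203.0.113.10"}
TOR_RELAY_IPS = {"198.51.100.7"}
BLACKLISTED_CERT_SHA1 = {"0000000000000000000000000000000000000001"}


@dataclass(frozen=True)
class Event:
    ts: int          # epoch seconds
    host: str        # internal host that triggered the method
    technique: str   # name of the detection method that fired
    detail: str      # the indicator that matched


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_dga(domain: str) -> bool:
    """Heuristic (assumption): long, high-entropy, vowel-poor first label."""
    label = domain.split(".")[0]
    if len(label) < 12:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) > 3.5 and vowel_ratio < 0.3


# Each detection method inspects one traffic record and emits at most one Event.
def detect_blacklisted_domain(rec: dict) -> Optional[Event]:
    d = rec.get("qname")
    return Event(rec["ts"], rec["src"], "blacklisted_domain", d) if d in BLACKLISTED_DOMAINS else None


def detect_dga_domain(rec: dict) -> Optional[Event]:
    d = rec.get("qname")
    return Event(rec["ts"], rec["src"], "dga_domain", d) if d and looks_dga(d) else None


def detect_blacklisted_ip(rec: dict) -> Optional[Event]:
    ip = rec.get("dst")
    return Event(rec["ts"], rec["src"], "blacklisted_ip", ip) if ip in BLACKLISTED_IPS else None


def detect_tor_ip(rec: dict) -> Optional[Event]:
    ip = rec.get("dst")
    return Event(rec["ts"], rec["src"], "tor_relay", ip) if ip in TOR_RELAY_IPS else None


def detect_blacklisted_cert(rec: dict) -> Optional[Event]:
    h = rec.get("cert_sha1")
    return Event(rec["ts"], rec["src"], "blacklisted_cert", h) if h in BLACKLISTED_CERT_SHA1 else None


DETECTORS = [detect_blacklisted_domain, detect_dga_domain, detect_blacklisted_ip,
             detect_tor_ip, detect_blacklisted_cert]


def run_detectors(records: List[dict]) -> List[Event]:
    """Feed every record through every detection method; collect the events."""
    return [ev for rec in records for det in DETECTORS if (ev := det(rec)) is not None]


def correlate(events: List[Event], window: int = WINDOW_SECONDS,
              min_techniques: int = MIN_TECHNIQUES) -> Dict[str, List[str]]:
    """Return {host: sorted technique names} for each host whose events from
    at least `min_techniques` distinct methods fall inside `window` seconds."""
    by_host: Dict[str, List[Event]] = defaultdict(list)
    for ev in events:
        by_host[ev.host].append(ev)
    alerts: Dict[str, List[str]] = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        for i, start in enumerate(evs):          # slide the window over time
            techs = {e.technique for e in evs[i:] if e.ts - start.ts <= window}
            if len(techs) >= min_techniques:
                alerts[host] = sorted(techs)
                break
    return alerts


# Constructed sample traffic records (DNS query, connection, TLS handshake).
SAMPLE_RECORDS = [
    {"ts": 1000, "src": "10.0.0.5", "qname": "xk3qzv9mhtrp2w.example"},   # DGA-looking
    {"ts": 1500, "src": "10.0.0.5", "dst": "203.0.113.10"},                # blacklisted IP
    {"ts": 2000, "src": "10.0.0.9", "qname": "update-check.example"},      # blacklisted domain
    {"ts": 20000, "src": "10.0.0.9", "dst": "198.51.100.7"},               # Tor relay, 5 h later
    {"ts": 2100, "src": "10.0.0.7", "qname": "www.example"},
    {"ts": 2200, "src": "10.0.0.7", "dst": "192.0.2.1", "cert_sha1": "ffff"},
]

if __name__ == "__main__":
    for host, techs in correlate(run_detectors(SAMPLE_RECORDS)).items():
        print(f"ALERT {host}: {', '.join(techs)}")
```

On the sample records only host 10.0.0.5 is alerted: its two events come from different methods and lie 500 seconds apart. Host 10.0.0.9 also triggers two methods, but 18000 seconds apart, so the window rule keeps the two isolated hits from becoming an alert; tightening or loosening that window is the main knob that trades missed multi-day campaigns against false positives from coincidental single hits.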


  • Cyber attacks
  • Targeted attacks
  • Advanced persistent threat
  • Malware
  • Intrusion detection system

  • DOI: 10.1007/978-3-319-24584-3_7
  • Chapter length: 8 pages
Figures: Fig. 1, Fig. 2 (not reproduced in this preview)




This work has been supported by the project “CYBER-2” funded by the Ministry of Defence of the Czech Republic under contract No. 1201 4 7110.

Corresponding author

Correspondence to Ibrahim Ghafir.


Copyright information

© 2016 Springer International Publishing Switzerland


Cite this paper

Ghafir, I., Prenosil, V. (2016). Proposed Approach for Targeted Attacks Detection. In: Sulaiman, H., Othman, M., Othman, M., Rahim, Y., Pee, N. (eds) Advanced Computer and Communication Engineering Technology. Lecture Notes in Electrical Engineering, vol 362. Springer, Cham.

  • DOI: 10.1007/978-3-319-24584-3_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24582-9

  • Online ISBN: 978-3-319-24584-3

  • eBook Packages: Engineering (R0)