A Technology for Detection of Advanced Persistent Threat in Networks and Systems Using a Finite Angular State Velocity Machine and Vector Mathematics

  • Gregory Vert (email author)
  • Ann Leslie Claesson-Vert
  • Jesse Roberts
  • Erica Bott
Chapter

Abstract

The aim of this chapter is to apply a previously journal-published state machine engine to the analysis of system state variables in order to detect the presence of Advanced Persistent Threat (APT) and other malware. The Finite Angular State Velocity Machine (FAST-VM) can model and analyze large amounts of state information over a temporal space. The ability to model and analyze large amounts of data over time is a key factor in detecting APT, because APT activity shows up only as subtle changes in system state spread across long periods. Experimentally, the FAST-VM has analyzed 10,000,000 state variable vectors in around 24 ms, which demonstrates the application of “big data” techniques to cyber security. FAST-VM is based on the authors’ previously published work on Spicule. It reduces a high-order set of state variables whose values change subtly over time to a threat analysis that is easy to comprehend, and it can also predict future threats. FAST-VM unifies the three major approaches to intrusion detection (anomaly, misuse, and specification) in a single model. The FAST-VM mathematical analysis engine has shown strong computational potential in prediction, classification, and detection, but it has never been mapped to a system’s state variables. This chapter therefore seeks to determine how to map the state variables of a system onto the engine so that APT can be detected. Successful technology development in this area could dramatically affect all facets of computation, especially autonomous vehicles and networks. The chapter presents the theory and then the application of this technology.

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Gregory Vert (1), email author
  • Ann Leslie Claesson-Vert (2)
  • Jesse Roberts (1)
  • Erica Bott (1)
  1. College of Security and Intelligence, Embry-Riddle Aeronautical University, Prescott, USA
  2. School of Nursing, College of Health and Human Services, Northern Arizona University, Flagstaff, USA