
CY-Apollo: A Multi-view Profile System for Complicated Network Attacks

  • Conference paper
Web and Big Data (APWeb-WAIM 2023)

Abstract

With the fast development of information technologies, many new variants of complicated network attacks, characterized by high covertness, persistence, and diffusion, have made identifying and detecting such attacks increasingly difficult. Although many intrusion detection methods or products can help identify possible attack behaviors, it is still a challenging problem to detect complicated network attacks, such as Advanced Persistent Threat (APT) attacks, which are composed of many single-step attacks. A portrait-based analysis method can provide a multi-view of the complicated attacks, such as the attack path and commonly adopted tools, and thus can assist in improving the efficiency and accuracy of network attack detection. However, to the best of our knowledge, no such profile system exists for these attacks. In our work, we first construct the attack profile model and define the expression specifications of attack profile data, then we establish the attack graph based on various types of attack element data, and ultimately generate the profile for different complicated attacks. Furthermore, we develop a multi-view profile system called CY-Apollo for different types of attacks. This system comprises four integral functional modules: a data collection module, a data preprocessing module, an attack profile knowledge graph construction module and an attack profile knowledge management module. CY-Apollo visualizes typical complicated network attacks from four different dimensions: the attack principle view, the panoramic event view, the attack organization view and the threat intelligence view, which can help industry professionals quickly understand, learn, and analyze existing complex and cross-domain attacks from multiple perspectives.
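As an added example, not the paper's own code (the page shows none), the following Python sketch illustrates the two steps the abstract describes: turning attack-element records into a labelled attack graph, then deriving profile views (the attack path of a campaign, and the tools an organization commonly uses) from that graph. The record fields, node types and sample data are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample attack-element records (hypothetical, not from the paper):
# each record is one single-step attack that forms part of a larger campaign.
ELEMENTS = [
    {"campaign": "C1", "org": "GroupA", "step": 1, "technique": "phishing",    "tool": "macro-doc"},
    {"campaign": "C1", "org": "GroupA", "step": 2, "technique": "cred-dump",   "tool": "cred-dumper"},
    {"campaign": "C1", "org": "GroupA", "step": 3, "technique": "lateral",     "tool": "remote-exec"},
    {"campaign": "C2", "org": "GroupA", "step": 1, "technique": "web-exploit", "tool": "webshell"},
    {"campaign": "C2", "org": "GroupA", "step": 2, "technique": "cred-dump",   "tool": "cred-dumper"},
    {"campaign": "C3", "org": "GroupB", "step": 1, "technique": "phishing",    "tool": "link-lure"},
]


def build_profile_graph(elements):
    """Turn attack-element records into a labelled directed graph.

    Nodes are type-prefixed strings, edges are (src, relation, dst) triples,
    and the step order of each campaign is kept so the path can be walked.
    """
    edges = set()
    steps = defaultdict(list)
    for e in elements:
        camp, org = "campaign:" + e["campaign"], "org:" + e["org"]
        tech, tool = "technique:" + e["technique"], "tool:" + e["tool"]
        edges.update({(org, "runs", camp), (camp, "uses", tech),
                      (tech, "via", tool), (camp, "tool", tool)})
        steps[camp].append((e["step"], tech))
    paths = {c: [t for _, t in sorted(s)] for c, s in steps.items()}
    return {"edges": edges, "paths": paths}


def neighbors(graph, node, rel):
    """All destination nodes reached from `node` over edges labelled `rel`."""
    return sorted(d for s, r, d in graph["edges"] if s == node and r == rel)


def attack_path(graph, campaign):
    """Attack-principle view: the techniques of one campaign in step order."""
    return graph["paths"].get("campaign:" + campaign, [])


def organization_view(graph, org):
    """Attack-organization view: campaigns attributed to an organization
    and how many of those campaigns used each tool."""
    camps = neighbors(graph, "org:" + org, "runs")
    tools = Counter(t for c in camps for t in neighbors(graph, c, "tool"))
    return {"campaigns": camps, "tools": tools}
```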



Acknowledgments

This work is supported by the Major Key Project of PCL (Grant No. PCL2022A03).


Corresponding author: Haiyan Wang.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Gu, Z., Wang, H., Xiang, X., Zhou, K., Feng, W., Li, J. (2024). CY-Apollo: A Multi-view Profile System for Complicated Network Attacks. In: Song, X., Feng, R., Chen, Y., Li, J., Min, G. (eds) Web and Big Data. APWeb-WAIM 2023. Lecture Notes in Computer Science, vol 14334. Springer, Singapore. https://doi.org/10.1007/978-981-97-2421-5_33


  • DOI: https://doi.org/10.1007/978-981-97-2421-5_33


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-2420-8

  • Online ISBN: 978-981-97-2421-5

  • eBook Packages: Computer Science (R0)
