ABSTRACT
Advanced Persistent Threat (APT) attacks are slow-moving attacks designed to defeat security controls using unique attack vectors and malware developed specifically for the target organization. The aim of an APT attack is not to disrupt services but to steal valuable data and intellectual property, so timely detection of an APT is very important. We believe that deception tools such as honeypots can significantly increase the likelihood of early detection of such sophisticated attacks. In this research effort, a framework is proposed in which a honeypot is used together with a NIDS and the events from both are correlated, so that the framework itself actively alerts the administrator rather than leaving the detection of an APT to the administrator's manual review of network events. The proposed framework is also implemented to test the effectiveness of the proposed technique.
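As an added worked example (not code from the paper or its implementation), the correlation step the abstract describes: NIDS alerts and honeypot contacts are joined on source host and time so that the framework, not the administrator, decides when to raise an alert. A honeypot has no legitimate users, so any internal host touching it is an incident on its own; the same host also tripping NIDS rules within a short window is escalated. The Snort-style fast.log format, the honeypot log format, the addresses, the local rule IDs and the two-hour window are all assumptions constructed for this example; the paper's actual log formats and thresholds are not given in the abstract.

```python
"""Correlate NIDS alerts with honeypot contacts to raise an early APT alert.

Added example, not the paper's code. Both logs below are constructed samples.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

YEAR = 2015  # Snort fast.log lines carry no year; assumed for the sample

# Constructed Snort-style fast.log alerts (local sids 1000001+, not real rules)
NIDS_LOG = """\
03/12-09:14:02.113 [**] [1:1000001:1] LOCAL Internal SSH sweep [**] [Priority: 2] {TCP} 10.0.5.23:51200 -> 10.0.9.7:22
03/12-09:20:45.001 [**] [1:1000002:1] LOCAL SMB admin share access [**] [Priority: 2] {TCP} 10.0.5.23:51410 -> 10.0.9.8:445
03/12-09:31:10.550 [**] [1:1000003:1] LOCAL Outbound to uncategorised host [**] [Priority: 3] {TCP} 10.0.5.23:44122 -> 203.0.113.10:443
03/12-10:02:11.000 [**] [1:1000001:1] LOCAL Internal SSH sweep [**] [Priority: 2] {TCP} 10.0.7.40:60001 -> 10.0.9.7:22
"""

# Constructed honeypot connection log: ISO time, source, honeypot endpoint, action
HONEYPOT_LOG = """\
2015-03-12T09:16:30 10.0.5.23:51233 -> 10.0.9.50:22 connect
2015-03-12T09:16:41 10.0.5.23:51233 -> 10.0.9.50:22 login-attempt user=backup
2015-03-12T13:45:02 10.0.6.11:40100 -> 10.0.9.50:445 connect
"""

NIDS_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2})\.\d+ \[\*\*\] "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"(?:\[Classification: [^\]]*\] )?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
HP_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<action>.*)$"
)


def parse_nids(text):
    """Return one dict per well-formed fast.log alert; skip anything else."""
    alerts = []
    for line in text.splitlines():
        m = NIDS_RE.match(line)
        if not m:
            continue  # truncated or non-alert line: do not let it break the feed
        ts = datetime.strptime(f"{YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
        alerts.append({"ts": ts, "sid": int(m["sid"]), "msg": m["msg"],
                       "prio": int(m["prio"]), "src": m["src"],
                       "dst": m["dst"], "dport": int(m["dport"])})
    return alerts


def parse_honeypot(text):
    """Return one dict per honeypot contact (every contact is suspicious)."""
    events = []
    for line in text.splitlines():
        m = HP_RE.match(line)
        if not m:
            continue
        events.append({"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
                       "dport": int(m["dport"]), "action": m["action"]})
    return events


def correlate(nids_alerts, hp_events, window=timedelta(hours=2)):
    """Join honeypot contacts with NIDS alerts from the same source host.

    A source that touched the honeypot is always an incident ("honeypot-only").
    If that source also produced NIDS alerts within `window` of any contact,
    the incident is escalated to "apt-suspect". NIDS-only sources are left to
    the NIDS's ordinary alert pipeline and are not reported here.
    """
    nids_by_src = defaultdict(list)
    for a in nids_alerts:
        nids_by_src[a["src"]].append(a)
    hp_by_src = defaultdict(list)
    for e in hp_events:
        hp_by_src[e["src"]].append(e)

    incidents = []
    for src, contacts in hp_by_src.items():
        related = [a for a in nids_by_src[src]
                   if any(abs(a["ts"] - c["ts"]) <= window for c in contacts)]
        level = "apt-suspect" if related else "honeypot-only"
        incidents.append({"src": src, "level": level,
                          "honeypot": contacts, "nids": related})
    return sorted(incidents, key=lambda i: i["src"])


def format_alert(inc):
    """One administrator-facing line per incident, with the evidence attached."""
    first = min(e["ts"] for e in inc["honeypot"]).isoformat()
    sids = ",".join(str(a["sid"]) for a in inc["nids"]) or "-"
    return (f"[{inc['level'].upper()}] {inc['src']} first honeypot contact {first} "
            f"contacts={len(inc['honeypot'])} nids_alerts={len(inc['nids'])} sids={sids}")


if __name__ == "__main__":
    for inc in correlate(parse_nids(NIDS_LOG), parse_honeypot(HONEYPOT_LOG)):
        print(format_alert(inc))
```

On the constructed sample, 10.0.5.23 is reported as APT-SUSPECT with three correlated NIDS alerts (SSH sweep, admin-share access and an outbound connection around its honeypot contact), 10.0.6.11 as HONEYPOT-ONLY, and 10.0.7.40 (NIDS alert, no honeypot contact) is not reported, which is the point of the design: the honeypot supplies a high-confidence trigger and the NIDS supplies the context, so neither source alone has to be tuned to catch a slow-moving intruder.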
Towards proactive detection of advanced persistent threat (APT) attacks using honeypots