ŞERİF BAHTİYAR

3811

A Flow Based Approach to Detect Advanced Persistent Threats in Communication Systems

The expansive usage of the Internet has set the stage for advanced persistent threats that has increased costs considerably in cyber space. Most of the time, entities exchange information and they are controlled remotely via many communication systems with a rich connectivity options on the Internet. Intruders accomplish advanced persistent threats by using such a rich connectivity options. These threats are extremely complex and they have unique features. Detecting such threats and corresponding attacks are therefore very difficult that circumstance makes classical intrusion detection systems impossible to deal with them. In this paper, a flow-based approach to detect advanced persistent threats is presented with a new model, namely FD-APT. The approach considers advanced persistent threats based attacks that are carried out with advanced malware. Moreover, FD-APT model distinguishes properties of malware types. The new approach is also analyzed with two case studies to highlight capabilities of FD-APT. The analyses results show that FD-APT helps to detect advanced persistent threats that are based on advanced malware.
Anahtar Kelimeler:

Security, Malware; Advanced persistent threat; Attack; Detection; Communication

PDF

___

  • [1] Lagazio, M., Sherif, N., Cushman, M. 2014. A multi-level approach to understanding the impact of cyber crime on the financial sector. Computers & Security, 45, 58–74.
  • [2] Egele, M., Scholte, T., Kirda, E., Kruegel, C. 2012. A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys, 44(February 2012), 6:1–6:42.
  • [3] Mell, P. M., Kent, K., Nusbaum, J. 2005. Guide to Malware Incident Prevention and Handling., NIST SP, 800-83.
  • [4] Wood, P. 2016. Internet security threat report”, Tech. rep., Symantec Corporation.
  • [5] Bahtiyar, Ş. 2016. Anatomy of targeted attacks with smart malware. Security and Communication Networks, 9(18), 6215 – 6226.
  • [6] Han, X., Tan, Q. 2010. Dynamical behavior of computer virus on Internet. Applied Mathematics and Computation, 217(6), 2520–2526.
  • [7] Swain, B. 2009. What are malware, viruses, spyware, and cookies, and what differentiates them?. Symantec Tech. rep., 2009.
  • [8] Mishra, B. K., Pandey, S. K. 2011. Dynamic model of worms with vertical transmission in computer network. Applied Mathematics and Computation, 217(21), 8438–8446.
  • [9] Anonymous, 2017. Types of malware. Kaspersky Lab Technical Report. https://usa.kaspersky.com/internet-security-center/threats/types-of-malware#.WGQWiFOLTIV (Access: 13.12.2017)
  • [10] Anonymous, 2017. What is adware?. Kaspersky Lab Technical Report. https://usa.kaspersky.com/internet- security-center/threats/adware#.WGQsn1OLTIU. (Access: 13.12.2017)
  • [11] Li, Z., Goyal, A., Chen, Y., Paxson, V. 2011. Towards situational awareness of large-scale botnet probing events. IEEE Transactions on Information Forensics and Security, 6(1), 175–188.
  • [12] Kerr, P. K., Rollins, J., Theohary, C. A. 2010. The stuxnet computer worm: Harbinger of an emerging warfare capability. Technical Report.
  • [13] Bencsath, B., Pek, G., Gabor, L., Felegyhazi, M. 2011. Duqu: A stuxnet-like malware found in the wild. Technical Report.
  • [14] Anonymous, 2012. Stuxnet: Opening pandora’s box?, https://cmu95752.wordpress.com/tag/ stuxnet/, 2012 (Access: 24.02.2013)
  • [15] Combs, M. M. 2012. Impact of the stuxnet virus on industrial control systems. In XIII International forum Modern information society formation - problems, perspectives, innovation approaches, St.-Petersburg, RUSSIA, September 5–10.
  • [16] Anonymous, 2011. Duqu: The precursor to the next stuxnet, Symantec Technical Report. http://www.symantec.com/outbreak/?id=stuxnet (Access: 24.02.2013)
  • [17] Tangil, G. S., Tapiador, J. E., Lopez, P. P., Ribagorda, A. 2014. Evolution, Detection and Analysis of Malware for Smart Devices. IEEE Communications Surveys and Tutorials, 16(2), 961—987.
  • [18] Çetin, E. C. 2017. Identification and Automated Classification of Advanced Malware. BS Graduation Project, Istanbul Technical University, Department of Computer Engineering, İstanbul.
Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi-Cover
  • ISSN: 1300-7688
  • Yayın Aralığı: Yılda 3 Sayı
  • Başlangıç: 1995
  • Yayıncı: Süleyman Demirel Üniversitesi
Arşiv
Sayıdaki Diğer Makaleler

Eskişehir Ekolojisinde 0900 Ziraat Kiraz Çeşidine Uygun Tozlayıcıların Belirlenmesi

KEREM MERTOĞLU, YASEMİN EVRENOSOĞLU, Yasin ALTAY

St 22 Çeliğinin Derin Çekilebilirliğine Etki Eden Parametrelerin ANOVA ile Analizi

Erdoğan KANCA, Ali GÜNEN

Geri Adımlama Tekni˘gi ile Bir DC Motorun Konum ve Hız Kontrolü

Reşat Özgür DORUK, Ahmed ZUGLEM

Fusarik Asit ve Enniatin-A Mikotoksinlerinin İnsan Umblikal Ven Endotel Hücreleri (HUVEC) Üzerine Sitotoksik Etkilerinin Değerlendirilmesi

SEVCAN MAMUR

Dikloro [1-(2-metil-2-propenil)-3-(3,4,5-trimetoksibenzil) benzimidazol-2-iliden] piridin paladyum(II) Kompleksinin Sentezi, Yapısal Karakterizasyonu, Suzuki-Miyaura ve Mizoroki-Heck Eşleşme Tepkimelerindeki Katalitik Aktivitesi

NESLİHAN ŞAHİN

A Study on a Generalized Relaxed Curvature Energy Action

GÖZDE ÖZKAN TÜKEL, Ahmet YÜCESAN

Büyük Patlama – Büyük Çöküş Optimizasyon Yöntemi Kullanılarak Bluetooth Tabanlı İç Mekan Konum Belirleme Sisteminin Doğruluğunun İyileştirilmesi

Taner ARSAN

Chebyshev Spectral Collocation Method Approximation to Thermally Coupled MHD Equations

Önder TÜRK

Karışık Ürolitik Kültür ile Antrakinon Boyanın Kesikli Sistemde Biyosorpsiyonu, İzoterm ve Kinetik Çalışmaları

Hasan KOÇYİĞİT, Esra MANAV

Lazer ile Hızlandırılan Döteronlarla Füzyon-Fisyon Hedef Sisteminin İncelenmesi

Mehmet Emin KORKMAZ, Özgür CULFA