A Novel Method for Detecting APT Attacks by Using OODA Loop and Black Swan Theory
Bodström, T., & Hämäläinen, T. (2018). A Novel Method for Detecting APT Attacks by Using OODA Loop and Black Swan Theory. In X. Chen, A. Sen, W. W. Li, & M. T. Thai (Eds.), Computational Data and Social Networks : 7th International Conference, CSoNet 2018, December 18-20, 2018, Shanghai, China, Proceedings (pp. 498-509). Springer. Lecture Notes in Computer Science, 11280. https://doi.org/10.1007/978-3-030-04648-4_42
Published in: Lecture Notes in Computer Science
© Springer Nature Switzerland AG 2018.
Advanced Persistent Threat (APT) attacks are a major concern for modern societal digital infrastructures because of their highly sophisticated nature. The purpose of these attacks ranges from long-term espionage in high-value environments to causing maximal destruction in the targeted cyber environment. The attackers are skilful and, in many cases, well funded by governments. Because of these sophisticated methods it is highly important to study proper countermeasures that detect such attacks as early as possible. Current detection methods under-perform, leading to situations where an attack can continue for months or even years in a targeted environment. We propose a novel method for analysing APT attacks through the OODA loop and Black Swan theory, defining them as multi-vector, multi-stage attacks forming a continuous, strategically directed campaign. Additionally, it is important to note that in order to develop better-performing detection methods, we have to find the most common factor within these attacks. We state that the most common factor of APT attacks is communication; thus the environment has to be built in a way that allows us to capture the complete network flow and analyse it. ...
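The abstract's closing point is that every stage of a long campaign has to communicate, so the defensible observable is the complete network flow rather than any single host artefact. The following is an added illustration of that idea and is not code from the paper or its authors: a small flow-record triage loosely arranged as observe/orient/decide steps, which flags connection pairs that persist for days, recur at regular intervals and carry little data, one shape that long-running command-and-control traffic can take. The record layout (timestamp, source, destination, port, bytes), the thresholds and the sample flows are all assumptions constructed for the example; the detection rule itself is a generic beaconing heuristic, not the method the paper proposes.

```python
"""Flow-level triage in observe/orient/decide steps (added example).

Assumed record layout: (unix_ts, src, dst, dst_port, bytes_out), as one
would export from NetFlow/IPFIX or Zeek conn logs.  All thresholds and
sample data are assumptions made for this illustration.
"""
import random
from collections import defaultdict
from statistics import mean, pstdev


def constructed_flows():
    """Constructed sample flows (not captured data): one host talking to
    two destinations.  The first is an hourly beacon with +/-60 s jitter
    over two days; the second is bursty, irregular browsing traffic."""
    rng = random.Random(7)
    flows = []
    t = 1_700_000_000
    for _ in range(48):                       # persistent, regular, small
        flows.append((t, "10.0.0.5", "203.0.113.7", 443, 600 + rng.randint(-50, 50)))
        t += 3600 + rng.randint(-60, 60)
    t = 1_700_000_000
    for _ in range(40):                       # short-lived, irregular, large
        flows.append((t, "10.0.0.5", "198.51.100.20", 443, rng.randint(500, 50_000)))
        t += rng.randint(10, 900)
    return sorted(flows)


def observe(flows):
    """Observe: group records by (src, dst, port) into time-ordered series."""
    series = defaultdict(lambda: ([], []))
    for ts, src, dst, port, size in sorted(flows):
        series[(src, dst, port)][0].append(ts)
        series[(src, dst, port)][1].append(size)
    return series


def orient(timestamps, sizes):
    """Orient: summarise one series.  gap_cv is the coefficient of variation
    of the inter-arrival times; values near zero mean clock-like regularity."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    mean_gap = mean(gaps) if gaps else 0.0
    cv = pstdev(gaps) / mean_gap if len(gaps) > 1 and mean_gap else float("inf")
    return {
        "count": len(timestamps),
        "span_hours": (timestamps[-1] - timestamps[0]) / 3600,
        "gap_cv": cv,
        "mean_bytes": mean(sizes),
    }


def decide(stats, min_count=12, min_span_hours=24.0, max_gap_cv=0.2, max_mean_bytes=4000):
    """Decide: flag a pair only when it is persistent AND regular AND low volume.
    Thresholds are illustrative assumptions; tune them per environment."""
    return (stats["count"] >= min_count
            and stats["span_hours"] >= min_span_hours
            and stats["gap_cv"] <= max_gap_cv
            and stats["mean_bytes"] <= max_mean_bytes)


def triage(flows):
    """Run the three steps and return {pair: (stats, flagged)}."""
    return {key: (stats, decide(stats))
            for key, (ts, sizes) in observe(flows).items()
            for stats in [orient(ts, sizes)]}


def flagged_pairs(flows):
    """Convenience: the set of (src, dst, port) pairs the rule flags."""
    return {key for key, (_, hit) in triage(flows).items() if hit}


if __name__ == "__main__":
    for key, (stats, hit) in triage(constructed_flows()).items():
        print(("FLAG " if hit else "     ") + str(key),
              {k: round(v, 3) for k, v in stats.items()})
```

The "act" step is deliberately left out: what follows a flag (pivoting to the full packet capture for that pair, blocking, or widening the time window) is an operational decision rather than something the flow record itself can tell you. The rule is also easy to defeat by an adversary who randomises beacon intervals, which is exactly why the abstract argues for keeping the complete flow rather than a single precomputed feature.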
Parent publication ISBN: 978-3-030-04647-7
Conference: International Conference on Computational Social Networks
Is part of publication: Computational Data and Social Networks : 7th International Conference, CSoNet 2018, December 18-20, 2018, Shanghai, China, Proceedings
Items with similar title or keywords:
Unsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets. Vahdani Amoli, Payam (University of Jyväskylä, 2015). Today, the occurrence of zero-day and complex attacks in high-speed networks is increasingly common due to the high number of vulnerabilities in the cyber world. As a result, intrusions become more sophisticated and fast ...
Probabilistic Transition-Based Approach for Detecting Application-Layer DDoS Attacks in Encrypted Software-Defined Networks. Ivannikova, Elena; Zolotukhin, Mikhail; Hämäläinen, Timo (Springer, 2017). With the emergence of cloud computing, many attacks, including Distributed Denial-of-Service (DDoS) attacks, have changed their direction towards the cloud environment. In particular, DDoS attacks have changed in scale, methods, ...
Zolotukhin, Mikhail; Kokkonen, Tero; Hämäläinen, Timo; Siltanen, Jarmo (Advanced Institute of Convergence IT, 2016). Application-layer denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed by using legitimate ...
Chernov, Sergey; Cochez, Michael; Ristaniemi, Tapani (IEEE, 2015). The Sleeping Cell problem is a particular type of cell degradation in Long-Term Evolution (LTE) networks. In practice such a cell outage leads to the lack of network service and sometimes it can be revealed only after ...
Chernogorov, Fedor (University of Jyväskylä, 2015). This dissertation is devoted to the development and validation of an advanced performance monitoring system for existing and future cellular mobile networks. Knowledge mining techniques are employed for analysis of user-specific ...