A Novel Method for Detecting APT Attacks by Using OODA Loop and Black Swan Theory
Bodström, T., & Hämäläinen, T. (2018). A Novel Method for Detecting APT Attacks by Using OODA Loop and Black Swan Theory. In X. Chen, A. Sen, W. W. Li, & M. T. Thai (Eds.), Computational Data and Social Networks : 7th International Conference, CSoNet 2018, December 18-20, 2018, Shanghai, China, Proceedings (pp. 498-509). Springer. Lecture Notes in Computer Science, 11280. https://doi.org/10.1007/978-3-030-04648-4_42
Published in series: Lecture Notes in Computer Science
Date: 2018
Copyright: © Springer Nature Switzerland AG 2018.
Advanced Persistent Threat (APT) attacks are a major concern for modern societal digital infrastructures due to their highly sophisticated nature. The purpose of these attacks varies from long-term espionage in high-level environments to causing maximal destruction in the targeted cyber environment. Attackers are skilful and, in many cases, well funded by governments. Because of these sophisticated methods, it is highly important to study proper countermeasures to detect these attacks as early as possible. Current detection methods under-perform, causing situations where an attack can continue for months or even years in a targeted environment. We propose a novel method for analysing APT attacks through the OODA loop and Black Swan theory by defining them as multi-vector, multi-stage attacks with a continuous, strategic, ongoing campaign. Additionally, it is important to notice that, to develop better-performing detection methods, we have to find the most common factor within these attacks. We can state that the most common factor of APT attacks is communication; thus the environment has to be developed in a way that allows us to capture the complete network flow and analyse it.
...
Publisher: Springer
Parent publication ISBN: 978-3-030-04647-7
Conference: International Conference on Computational Social Networks
Part of publication: Computational Data and Social Networks : 7th International Conference, CSoNet 2018, December 18-20, 2018, Shanghai, China, Proceedings
ISSN: 0302-9743
Publication in the research information system: https://converis.jyu.fi/converis/portal/detail/Publication/28767782