Performance evaluation of a fast and efficient intrusion detection framework for advanced persistent threat-based cyberattacks. (January 2023)
- Record Type:
- Journal Article
- Title:
- Performance evaluation of a fast and efficient intrusion detection framework for advanced persistent threat-based cyberattacks. (January 2023)
- Main Title:
- Performance evaluation of a fast and efficient intrusion detection framework for advanced persistent threat-based cyberattacks
- Authors:
- Park, Na-Eun
Lee, Yu-Rim
Joo, Soyoung
Kim, So-Yeon
Kim, So-Hui
Park, Ju-Young
Kim, Seo-Yi
Lee, Il-Gu
- Abstract:
- Highlights: An advanced persistent threat (APT) fast detection and response technique is proposed. The proposed technique incorporates Google Rapid Response (GRR) and auditbeat. It improves the efficiency of existing endpoint information protection systems. It also detects the APT attack process at an early stage and facilitates rapid response.
Abstract: After the COVID-19 pandemic, cyberattacks are increasing as non-face-to-face environments such as telecommuting and telemedicine proliferate. Cyberattackers exploit vulnerabilities in remote systems and endpoint devices in major enterprises and infrastructures. To counter these attacks, fast detection and response are essential because advanced persistent threat (APT) attacks intelligently infiltrate endpoint devices for long periods and spread to large-scale environments. However, because conventional security systems are signature-based, fast detection of APT attacks is challenging, and it is difficult to respond flexibly to the environment. In this study, we propose an APT fast detection and response technique using open-source tools that improves the efficiency of existing endpoint information protection systems and swiftly detects the APT attack process. Performance test results based on realistic scenarios using the open-source APT attack library and MITER ATT&CK indicated that fast detection was possible with higher accuracy for the early stages of APT attacks in scenarios where endpoint attack detectors are interworking environments.
- Is Part Of:
- Computers & electrical engineering. Volume 105(2023)
- Journal:
- Computers & electrical engineering
- Issue:
- Volume 105(2023)
- Issue Display:
- Volume 105, Issue 2023 (2023)
- Year:
- 2023
- Volume:
- 105
- Issue:
- 2023
- Issue Sort Value:
- 2023-0105-2023-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-01
- Subjects:
- Advanced persistent threat -- Fast detection -- MITER ATT&CK -- Open-source EDR -- Finite state machine -- Network security
Computer engineering -- Periodicals
Electrical engineering -- Periodicals
Electrical engineering -- Data processing -- Periodicals
Ordinateurs -- Conception et construction -- Périodiques
Électrotechnique -- Périodiques
Électrotechnique -- Informatique -- Périodiques
Computer engineering
Electrical engineering
Electrical engineering -- Data processing
Periodicals
Electronic journals
621.302854
- Journal URLs:
- http://www.sciencedirect.com/science/journal/00457906/
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.compeleceng.2022.108548
- Languages:
- English
- ISSNs:
- 0045-7906
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.680000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 25029.xml