EMERGING 2015, The Seventh International Conference on Emerging Networks and Systems Intelligence
Detection of Advanced Persistent Threats Using System and Attack Intelligence
Authors:
Alberto Redondo Hernández
Aitor Couce Vieira
Siv Hilde Houmb
Keywords: Malware; APT; Monitoring System; Intrusion Detection System; Intrusion Prevention Systems; Cybersecurity
Abstract:
Cyber attacks have evolved from being mostly harmless to sophisticated and devastating Advanced Persistent Threats (APT), such as the Stuxnet or Aurora attacks. APTs have the capabilities to stop business operations and cause physical damage to plants and equipment. This is a serious threat to Industrial Control Systems common in critical infrastructures such as pipelines, refineries, electrical grids or nuclear plants. This paper discusses why existing cyber attack detection technologies and solutions are not able to detect APTs, since they make use of a flawed detection paradigm based on prior knowledge of attacks. This paper also introduces a novel approach to detect APTs that is based on deep monitoring over large time intervals combined with correlation and analysis of monitored events over these time periods to detect indications of a cyber attack. The paper also provides an example of using the proposed approach to detect Stuxnet.
Pages: 91 to 94
Copyright: Copyright (c) IARIA, 2015
Publication date: July 19, 2015
Published in: conference
ISSN: 2326-9383
ISBN: 978-1-61208-422-0
Location: Nice, France
Dates: from July 19, 2015 to July 24, 2015