A DATA DRIVEN ANOMALY BASED BEHAVIOR DETECTION METHOD FOR ADVANCED PERSISTENT THREATS (APT)

ABSTRACT
Advanced Persistent Threats (APTs) represent sophisticated and enduring network intrusion campaigns that target sensitive information held by specific organizations and operate over a long period. Such threats are much harder to detect using signature-based methods. Anomaly-based methods monitor system activity to determine whether an observed activity is normal or abnormal; this is done according to heuristic or statistical analysis, and it can be used to detect unknown attacks. Despite significant research efforts, such techniques still suffer from a high number of false positive detections. Detecting APTs is complex because they tend to follow a “low and slow” attack profile that is very difficult to distinguish from normal, legitimate activity, and the volume of data that must be analyzed is overwhelming. One technology that holds promise for detecting this kind of nearly invisible attack is big data analytics. In this work, I propose a data-driven anomaly-based behavior detection method that leverages big data methods and is capable of processing significant amounts of data from several diverse data sources. Big data analytics will significantly improve detection capabilities, enabling the detection of APT activities that pass under the radar of traditional security solutions.

TABLE OF CONTENTS

ABSTRACT
LIST OF ABBREVIATIONS
LIST OF FIGURES AND TABLES

CHAPTER ONE
INTRODUCTION
1.1 Background of the study
1.2 Objective of the research
1.3 Research statement
1.4 Structure of the work

CHAPTER TWO
LITERATURE REVIEW
2.1. What is an Advanced Persistent Threat?
2.2. Tools and Methods used by the attackers
2.3. Traditional Security solutions
2.4. APT Life Cycle
2.5. Model of operation of APT malware
2.6. Command & Control Channels (C&C)
2.7. Research Direction
2.8. Related work

CHAPTER THREE
METHODOLOGY
3.1. Big data and Big data analytics
3.2. Methodology
3.2.1. What is Anomaly Detection?
3.2.2. The Components of a Data-driven Anomaly-based Behavior Detection method for Advanced Persistent Threats (APT)

CHAPTER FOUR
IMPLEMENTATION AND EVALUATION
4.1. Big Data Analytics (Machine learning) based on network traces with full payloads
4.2. Big Data Analytics (Machine Learning) based on HTTP traffic
4.3. Environment for the Implementation
4.4. Implementation Stages
4.4.1. Data Collection
4.4.2. Data Preprocessing
4.4.3. Model Creation via classification
4.4.4. Model Selection
4.4.5. Model Prediction and Evaluation

CHAPTER FIVE
CONCLUSIONS
5.1. Summary
5.2. Challenges
5.3. Future Work
REFERENCES


CHAPTER ONE

INTRODUCTION


1.1 Background of the study

With the rapid development of computer networks, new and sophisticated types of attacks have emerged that require novel and more sophisticated defense mechanisms. Advanced Persistent Threats (APTs) are among the fastest-growing cyber security threats that organizations face today [12]. They are carried out by knowledgeable, highly skilled and well-funded hackers who target sensitive information held by specific organizations. The objective of an APT attack is to steal sensitive data from the targeted organization, to gain access to sensitive customer data, or to access strategic or important business information that could be used for financial gain, blackmail, embarrassment, data poisoning, “illegal insider trading or disrupting an organization’s business” [30]. APT attackers target organizations in sectors with high-value information, such as national defense or the military, manufacturing, and the financial industry.

The technologies and methods employed in APT attacks are stealthy and difficult to detect; for instance, they can employ “social engineering which involves tricking people into breaking normal security procedures” [13]. In addition, APT intruders constantly change and refine their methods, including the use of insiders (people within the organization) who abuse legitimate access rights to manipulate and steal data.


Once the intruder has successfully broken into the targeted network, they install APT malware on the victim’s system. The attacker is then able to monitor and control the spread of the malware and to remotely control the infected systems. This opens a channel through which they steal sensitive information from the victim’s system without the owner’s knowledge, over a long period of time, unless the malicious activity is detected. After the information of interest has been found, the attacker issues a command to exfiltrate it. This is usually done through a channel separate from the Command and Control (C&C) channel. To maintain access to the network, the attacker continuously rewrites the malware’s code and employs sophisticated evasion methods. The frequency of such attacks and breaches highlights the fact that even the best Information Technology (IT) network perimeter defenses and traditional security solutions, including proxies, firewalls, VPNs, antivirus, and anti-malware tools, are unable to prevent the intrusions [Craig Richardson (http://data-informed.com/use-data-analytics-combat-advanced-persistent-threats)]. The Verizon data breach investigation report [14] confirmed that, in 86% of the cases, evidence of the data breach was recorded in the organization’s logs, but the traditional security solutions failed to raise security alarms. This signals a need for other forms of security solutions, in addition to the existing ones, that are better able to detect the activities of APTs. Detecting APTs is complex because they tend to follow a low and slow attack profile that is very difficult to differentiate from normal, legitimate activity. Thus, detection of this kind of attack relies heavily on heuristics or human inspection...

Item Type: Project Material  |  Size: 76 pages  |  Chapters: 1-5