Article

The Big Four - What We Did Wrong in Advanced Persistent Threat Detection?

Authors:

Nikos Virvilis,

Dimitris GritzalisAuthors Info & Claims

ARES '13: Proceedings of the 2013 International Conference on Availability, Reliability and Security

Pages 248 - 254

https://doi.org/10.1109/ARES.2013.32

Published: 02 September 2013 Publication History

Abstract

As both the number and the complexity of cyber-attacks continuously increase, it is becoming evident that current security mechanisms have limited success in detecting sophisticated threats. Stuxnet, Duqu, Flame and Red October have troubled the security community due to their severe complexity and their ability to evade detection - in some cases for several years. The significant technical and financial resources needed for orchestrating such complex attacks are a clear indication that perpetrators are well organized and, likely, working under a state umbrella. In this paper we perform a technical analysis of these advanced persistent threats, highlighting particular characteristics and identifying common patterns and techniques. We also focus on the issues that enabled the malware authors to evade detection from a wide range of security solutions and propose technical countermeasures for strengthening our defenses against similar threats.

Cited By

View all

Dorner CKlausner L(2024)If It Looks Like a Rootkit and Deceives Like a Rootkit: A Critical Examination of Kernel-Level Anti-Cheat SystemsProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670433(1-11)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670433
Gray JSgandurra DCavallaro LBlasco Alis J(2024)Identifying Authorship in Malicious Binaries: Features, Challenges & DatasetsACM Computing Surveys10.1145/365397356:8(1-36)Online publication date: 26-Mar-2024
https://dl.acm.org/doi/10.1145/3653973
Liu JLiu YLi JSun WCheng JZhang RHuang XPang J(2022)Two statistical traffic features for certain APT group identificationJournal of Information Security and Applications10.1016/j.jisa.2022.10320767:COnline publication date: 1-Jun-2022
https://dl.acm.org/doi/10.1016/j.jisa.2022.103207
Show More Cited By

The Big Four - What We Did Wrong in Advanced Persistent Threat Detection?
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Trusted Computing vs. Advanced Persistent Threats: Can a Defender Win This Game?
UIC-ATC '13: Proceedings of the 2013 IEEE 10th International Conference on Ubiquitous Intelligence & Computing and 2013 IEEE 10th International Conference on Autonomic & Trusted Computing

As both the number and the complexity of cyber attacks continuously increase, it is becoming evident that traditional security mechanisms have limited success in detecting sophisticated threats. Stuxnet, Duqu, Flame, Red October and, more recently, ...
The Middle East under Malware Attack Dissecting Cyber Weapons
ICDCSW '13: Proceedings of the 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops

The Middle East is currently the target of an unprecedented campaign of cyber attacks carried out by unknown parties. The energy industry is particularly targeted. The attacks are carried out by deploying extremely sophisticated malware. The campaign ...
Combating advanced persistent threats

An advanced persistent threat (also known as APT) is a deliberately slow-moving cyberattack that is applied to quietly compromise interconnected information systems without revealing itself. APTs often use a variety of attack methods to get unauthorized ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ARES '13: Proceedings of the 2013 International Conference on Availability, Reliability and Security

September 2013

846 pages

ISBN:9780769550084

Publisher

IEEE Computer Society

United States

Publication History

Published: 02 September 2013

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 27 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Dorner CKlausner L(2024)If It Looks Like a Rootkit and Deceives Like a Rootkit: A Critical Examination of Kernel-Level Anti-Cheat SystemsProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670433(1-11)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670433
Gray JSgandurra DCavallaro LBlasco Alis J(2024)Identifying Authorship in Malicious Binaries: Features, Challenges & DatasetsACM Computing Surveys10.1145/365397356:8(1-36)Online publication date: 26-Mar-2024
https://dl.acm.org/doi/10.1145/3653973
Liu JLiu YLi JSun WCheng JZhang RHuang XPang J(2022)Two statistical traffic features for certain APT group identificationJournal of Information Security and Applications10.1016/j.jisa.2022.10320767:COnline publication date: 1-Jun-2022
https://dl.acm.org/doi/10.1016/j.jisa.2022.103207
Kumar RKela RSingh STrujillo-Rasua R(2022)APT attacks on industrial control systemsInternational Journal of Critical Infrastructure Protection10.1016/j.ijcip.2022.10052137:COnline publication date: 1-Jul-2022
https://dl.acm.org/doi/10.1016/j.ijcip.2022.100521
Abu Talib MNasir QBou Nassif AMokhamed TAhmed NMahfood B(2022)APT beaconing detectionComputers and Security10.1016/j.cose.2022.102875122:COnline publication date: 1-Nov-2022
https://dl.acm.org/doi/10.1016/j.cose.2022.102875
Chen PChen DZheng LLi JYang TLi GLi ZIdreos SSrivastava D(2021)Out of Many We are OneProceedings of the 2021 International Conference on Management of Data10.1145/3448016.3452784(261-273)Online publication date: 9-Jun-2021
https://dl.acm.org/doi/10.1145/3448016.3452784
Sun TTeodorov CRoux LGuerra EIovino L(2020)Operational design for advanced persistent threatsProceedings of the 23rd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings10.1145/3417990.3420044(1-10)Online publication date: 16-Oct-2020
https://dl.acm.org/doi/10.1145/3417990.3420044
Anton SLohfink ASchotten H(2019)Discussing the Feasibility of Acoustic Sensors for Side Channel-aided Industrial Intrusion DetectionProceedings of the Third Central European Cybersecurity Conference10.1145/3360664.3360667(1-4)Online publication date: 14-Nov-2019
https://dl.acm.org/doi/10.1145/3360664.3360667
Oak RDu MYan DTakawale HAmit ICavallaro LKinder JAfroz SBiggio BCarlini NElovici YShabtai A(2019)Malware Detection on Highly Imbalanced Data through Sequence ModelingProceedings of the 12th ACM Workshop on Artificial Intelligence and Security10.1145/3338501.3357374(37-48)Online publication date: 11-Nov-2019
https://dl.acm.org/doi/10.1145/3338501.3357374
Akinrolabu OAgrafiotis IErola A(2018)The challenge of detecting sophisticated attacksProceedings of the 13th International Conference on Availability, Reliability and Security10.1145/3230833.3233280(1-9)Online publication date: 27-Aug-2018
https://dl.acm.org/doi/10.1145/3230833.3233280
Show More Cited By

Abstract

Cited By

Recommendations

Trusted Computing vs. Advanced Persistent Threats: Can a Defender Win This Game?

The Middle East under Malware Attack Dissecting Cyber Weapons

Combating advanced persistent threats

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations