Feature-based Systematic Analysis of Advanced Persistent Threats

AI, Computer Science and Robotics Technology Pub Date : 2023-05-23 DOI:10.5772/acrt.21

M. Miguez, Bahman Sassani (Sarrafpour)

{"title":"Feature-based Systematic Analysis of Advanced Persistent Threats","authors":"M. Miguez, Bahman Sassani (Sarrafpour)","doi":"10.5772/acrt.21","DOIUrl":null,"url":null,"abstract":"Advanced Persistent Threats (APT) and Targeted Attacks (TA) targeting high-value organizations continue to become more common. These slow (sometimes carried on over the years), fragmented, distributed, seemingly unrelated, very sophisticated, highly adaptable, and, above all, stealthy attacks have existed since the large-scale popularization of computing in the 1990s and have intensified during the 2000s. The aim of attackers has expanded from espionage to attaining financial gain, creating disruption, and hacktivism. These activities have a negative impact on the targets, many times costing significant amounts of money and destabilizing organizations and governments. The resounding goal of this research is to analyze previous academic and industrial research of 72 major APT attacks between 2008 and 2018, using 12 features, and propose a categorization based on the targeted platform, the time elapsed to discovery, targets, type, purpose, propagation methods, and derivative attacks. This categorization provides a view of the effort of the attackers. It aims to help focus the design of intelligent detection systems on increasing the percentage of discovered and stopped attacks.","PeriodicalId":431659,"journal":{"name":"AI, Computer Science and Robotics Technology","volume":"71 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"AI, Computer Science and Robotics Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5772/acrt.21","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Advanced Persistent Threats (APT) and Targeted Attacks (TA) targeting high-value organizations continue to become more common. These slow (sometimes carried on over the years), fragmented, distributed, seemingly unrelated, very sophisticated, highly adaptable, and, above all, stealthy attacks have existed since the large-scale popularization of computing in the 1990s and have intensified during the 2000s. The aim of attackers has expanded from espionage to attaining financial gain, creating disruption, and hacktivism. These activities have a negative impact on the targets, many times costing significant amounts of money and destabilizing organizations and governments. The resounding goal of this research is to analyze previous academic and industrial research of 72 major APT attacks between 2008 and 2018, using 12 features, and propose a categorization based on the targeted platform, the time elapsed to discovery, targets, type, purpose, propagation methods, and derivative attacks. This categorization provides a view of the effort of the attackers. It aims to help focus the design of intelligent detection systems on increasing the percentage of discovered and stopped attacks.

查看原文本刊更多论文

基于特征的高级持续威胁系统分析

针对高价值组织的高级持续性威胁(APT)和针对性攻击(TA)变得越来越普遍。这些缓慢的(有时持续数年)、碎片化的、分布式的、看似无关的、非常复杂的、高度适应性的、最重要的是，隐秘的攻击自20世纪90年代大规模普及计算以来就存在，并在21世纪初愈演愈烈。攻击者的目标已经从间谍活动扩展到获取经济利益、制造破坏和黑客行动主义。这些活动会对目标产生负面影响，很多时候会耗费大量资金，破坏组织和政府的稳定。本研究的目标是分析2008年至2018年期间的72次主要APT攻击的学术和行业研究，使用12个特征，并根据目标平台，发现时间，目标，类型，目的，传播方法和衍生攻击提出分类。这种分类提供了攻击者工作的视图。它旨在帮助智能检测系统的设计集中在提高发现和阻止攻击的百分比上。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

AI, Computer Science and Robotics Technology

自引率

0.00%

发文量