Towards proactive detection of advanced persistent threat (APT) attacks using honeypots

Abstract

The Advanced Persistent Threat (APT) attacks are special kind of slow moving attacks that are designed to defeat security controls using unique attack vectors and malware specifically developed for the target organization. Aim behind APT attacks is not to disrupt services but to steal valuable data and intellectual property. Therefore, timely detection of APT attack is very important. We believe that deception tools like honeypots can significantly increase the possibility of early detection of such sophisticated attacks. In this research effort, a framework is proposed in which Honeypot along with NIDS is used to actively alert the administrator and not leaving the detection of APT in the hands to administrator by correlating different network events. The proposed framework is also implemented to test effectiveness of the proposed technique.