Systems for Detecting Advanced Persistent Threats: A Development Roadmap Using Intelligent Data Analysis

Abstract

Cyber-attacks against companies and governments are increasing in complexity, persistence and numbers. Common intrusion detection methods lack the ability to detect such - what are commonly termed - advanced persistent threats. A new approach is needed that takes the stepwise characteristics of this type of threats into account and links analysis methods to attack features. This paper takes up this challenge. First, an analysis framework is proposed to relate complex attack attributes to detection and business aspects. Second, the framework is used to define a development roadmap for designing advanced intrusion detection systems, such systems can analyze network traffic and client data at multiple network locations using both signature and anomaly detection methods derived from the intelligent data analysis field. Third, a test case is provided showing the potential power of the proposed development roadmap.