A Behavioral Study of Advanced Security Attacks in Enterprise Networks

M. Ashwini Kumari, K. Nandini Prasad
Published in: 2021 IEEE International Conference on Computation System and Information Technology for Sustainable Solutions (CSITSS)
Publication date: 2021-12-16
DOI: 10.1109/CSITSS54238.2021.9682903 (https://doi.org/10.1109/CSITSS54238.2021.9682903)
Citations: 1

Abstract

Securing enterprise networks from cyber-attacks has become one of the most paramount and daunting tasks for any organization or industry in recent times. Traditional cyber-attacks that use spam, adware or ransomware mostly target individual users with the purpose of making a profit. On the other hand, advanced security attacks, also known as Advanced Persistent Threats (APTs), are highly customized and sophisticated attacks which are carefully designed to target a specific company or organization. These attacks are more difficult to prevent, detect and mitigate since they are designed to evade the security measures available in the targeted organization. Such attacks not only involve a variety of tools but also employ a variety of tactics and techniques. This paper is an effort to study the various characteristics of APTs and categorize attack indicators into relevant groups for the purpose of comparison and evaluation. Finally, we summarize the effectiveness of employing these behavioral indicators in the detection of an ongoing APT attack in an enterprise network.