Title :
Systems for Detecting Advanced Persistent Threats: A Development Roadmap Using Intelligent Data Analysis
Author :
De Vries, Jelle ; Hoogstraaten, H. ; van den Berg, Jan ; Daskapan, Semir
Author_Institution :
Fox-IT, Delft, Netherlands
Abstract :
Cyber-attacks against companies and governments are increasing in complexity, persistence and numbers. Common intrusion detection methods lack the ability to detect such - what are commonly termed - advanced persistent threats. A new approach is needed that takes the stepwise characteristics of this type of threats into account and links analysis methods to attack features. This paper takes up this challenge. First, an analysis framework is proposed to relate complex attack attributes to detection and business aspects. Second, the framework is used to define a development roadmap for designing advanced intrusion detection systems, such systems can analyze network traffic and client data at multiple network locations using both signature and anomaly detection methods derived from the intelligent data analysis field. Third, a test case is provided showing the potential power of the proposed development roadmap.
Keywords :
client-server systems; computer network security; digital signatures; telecommunication traffic; account analysis method; anomaly detection method; business aspects; client data; cyber-attack attributes; intelligent data analysis; intrusion detection system design; link analysis method; network locations; network traffic analysis; persistent threat detection; signature detection method; advanced persistent threats; cyber security; development roadmap; intelligent data analysis; intrusion detection;
Conference_Titel :
Cyber Security (CyberSecurity), 2012 International Conference on
Conference_Location :
Washington, DC
Print_ISBN :
978-1-4799-0219-4
DOI :
10.1109/CyberSecurity.2012.14
