DocumentCode
2998067
Title
Targeted attacks detection with SPuNge
Author
Balduzzi, Marco ; Ciangaglini, Vincenzo ; McArdle, Robert
fYear
2013
fDate
10-12 July 2013
Firstpage
185
Lastpage
194
Abstract
Over the past several years there has been a noticeable rise in the number of reported targeted attacks, which are also commonly referred to as advanced persistent threats (APTs). Security experts see this as a landscape shift from a world dominated by widespread malware that infects indiscriminately to a more selectively targeted approach with higher gain. One thing that is clear about targeted attacks is that they are difficult to detect, and little research has been conducted so far on detecting them. In this paper, we propose a novel system called SPuNge that processes threat information collected on the users' side to detect potential targeted attacks for further investigation. We use a combination of clustering and correlation techniques to identify groups of machines that share a similar behavior with respect to the malicious resources they access and the industry in which they operate (e.g., oil & gas). We evaluated our system against real data collected by an antivirus vendor from over 20 million customer installations worldwide. Our results show that our approach works well in practice and is helpful in assisting security analysts in cybercrime investigations.
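The abstract only sketches the two steps (cluster machines by the malicious resources they contact, then correlate each cluster with the industry of its members). The following is an added toy illustration of that idea written for this record; it is not SPuNge's code and does not reproduce the paper's actual algorithms, thresholds or data. The telemetry records, industry labels, host names and the "80% of members in one industry" rule are all constructed here as assumptions. Machines that touch a common malicious resource are merged with a union-find, and a cluster is flagged as a targeted-attack candidate only when it is both large enough and dominated by a single industry, while a cluster spread across many industries is treated as commodity malware.

```python
"""Added illustration of clustering-plus-industry-correlation (not the paper's code).

Machines are grouped by shared malicious resources (union-find over resource
co-occurrence), then each group is checked for concentration in one industry.
All telemetry, names and thresholds below are constructed for the example.
"""
from collections import Counter, defaultdict

# Constructed telemetry: (machine_id, industry, malicious resource contacted).
TELEMETRY = [
    # Hypothetical group of oil & gas machines reaching the same two hosts.
    ("m01", "oil_gas", "c2-alpha.example"),
    ("m01", "oil_gas", "drop-alpha.example"),
    ("m02", "oil_gas", "c2-alpha.example"),
    ("m03", "oil_gas", "drop-alpha.example"),
    ("m04", "oil_gas", "c2-alpha.example"),
    ("m05", "retail", "c2-alpha.example"),  # one outlier in the same group
    # Hypothetical commodity infection spread across unrelated industries.
    ("m10", "retail", "fakeav.example"),
    ("m11", "banking", "fakeav.example"),
    ("m12", "education", "fakeav.example"),
    ("m13", "oil_gas", "fakeav.example"),
    ("m14", "healthcare", "fakeav.example"),
    # A singleton that shares no resource with any other machine.
    ("m20", "banking", "lonely.example"),
]


class UnionFind:
    """Minimal disjoint-set forest used to merge machines touching a common resource."""

    def __init__(self):
        self.parent = {}

    def add(self, x):
        self.parent.setdefault(x, x)

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[ra] = rb


def cluster_by_shared_resources(telemetry):
    """Return a list of machine sets; two machines are merged if they share any resource."""
    uf = UnionFind()
    first_machine_for = {}  # resource -> first machine seen contacting it
    for machine, _, resource in telemetry:
        uf.add(machine)
        if resource in first_machine_for:
            uf.union(machine, first_machine_for[resource])
        else:
            first_machine_for[resource] = machine
    clusters = defaultdict(set)
    for machine in uf.parent:
        clusters[uf.find(machine)].add(machine)
    return list(clusters.values())


def score_clusters(telemetry, min_size=3, min_share=0.8):
    """Correlate each cluster with industry and flag single-industry clusters.

    min_size and min_share are assumed thresholds chosen for this example:
    a cluster is a targeted-attack candidate if it has at least min_size
    machines and at least min_share of them belong to one industry.
    """
    industry = {m: ind for m, ind, _ in telemetry}
    resources = defaultdict(set)
    for m, _, r in telemetry:
        resources[m].add(r)

    results = []
    for members in cluster_by_shared_resources(telemetry):
        counts = Counter(industry[m] for m in members)
        top_industry, top_n = counts.most_common(1)[0]
        share = top_n / len(members)
        results.append({
            "machines": sorted(members),
            "resources": sorted(set().union(*(resources[m] for m in members))),
            "top_industry": top_industry,
            "industry_share": round(share, 2),
            "targeted_candidate": len(members) >= min_size and share >= min_share,
        })
    return sorted(results, key=lambda c: c["machines"])


if __name__ == "__main__":
    for cluster in score_clusters(TELEMETRY):
        flag = "TARGETED?" if cluster["targeted_candidate"] else "commodity/noise"
        print(flag, cluster["top_industry"], cluster["machines"], cluster["resources"])
```

On the constructed data the first cluster (m01 to m05, 80% oil & gas) is flagged for analyst review, the five-industry "fakeav" cluster is not, and the singleton is dropped by the size threshold. In practice the size and share thresholds would be tuned on the vendor's own telemetry; the point of the example is only the shape of the two-stage pipeline.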
Keywords
computer crime; invasive software; pattern clustering; APT; SPuNge; advanced persistent threat; clustering technique; correlation technique; cybercrime investigation; malicious resources; malware; security analysts; targeted attacks detection; Clustering algorithms; Industries; Malware; Measurement; Organizations; Servers;
fLanguage
English
Publisher
ieee
Conference_Titel
Privacy, Security and Trust (PST), 2013 Eleventh Annual International Conference on
Conference_Location
Tarragona
Type
conf
DOI
10.1109/PST.2013.6596053
Filename
6596053
Link To Document