Concept and difficulties of advanced persistent threats (APT): Survey

Document Type : Research Paper

Authors

Diyala University, Diyala, Iraq

Abstract

Threats once confined to nation-states and their associated institutions have increasingly spread into the private and business sectors. Advanced Persistent Threats (APTs) are the class of threat that every government and established organization worries about and seeks to counter. While state-sponsored APT attacks will always be the more sophisticated, the growing prevalence of APT attacks in the corporate sector complicates matters for corporations. Existing security solutions are becoming ineffective as attack tools and techniques evolve at a breakneck pace: while defenders attempt to safeguard every endpoint and connection in their networks, attackers find new ways to breach their targets' systems. In this study we discuss the APT problem, the obstacles and difficulties it involves, and the current state of progress in the field. We also present an overview of the datasets most commonly used to assess APT detection algorithms and highlight the approaches and strategies employed.

Volume 13, Issue 1
March 2022
Pages 4037-4052
  • Receive Date: 07 November 2021
  • Revise Date: 27 December 2021
  • Accept Date: 10 January 2022