Graph-Based APT Detection
| Field | Value |
|---|---|
| Title | Graph-Based APT Detection |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Debatty, T., Mees, W., Gilon, T. |
| Conference Name | 2018 International Conference on Military Communications and Information Systems (ICMCIS) |
| ISBN Number | 978-1-5386-4559-8 |
| Keywords | advanced persistent threats, antiviruses, Approximation algorithms, Batch production systems, Browsers, detection system, graph model, graph theory, graph-based APT detection, HTTP traffic, Human Behavior, Image edge detection, invasive software, malware analysis, Metrics, Organizations, privacy, Protocols, pubcrawl, Resiliency, Servers, undocumented attacks, Web interface |
| Abstract | In this paper we propose a new algorithm to detect Advanced Persistent Threats (APTs) that relies on a graph model of HTTP traffic. We also implement a complete detection system with a web interface that allows the data to be analyzed interactively. We perform a complete parameter study and experimental evaluation using data collected on a real network. The results show that the performance of our system is comparable to currently available antiviruses, although antiviruses use signatures to detect known malware while our algorithm solely uses behavior analysis to detect new undocumented attacks. |
| URL | https://ieeexplore.ieee.org/document/8398708 |
| DOI | 10.1109/ICMCIS.2018.8398708 |
| Citation Key | debatty_graph-based_2018 |