Biblio
Smart grid technology is the core technology for the next-generation power grid system with enhanced energy efficiency through decision-making communication between suppliers and consumers enabled by integrating the IoT into the existing grid. This open architecture allowing bilateral information exchange makes it vulnerable to various types of cyberattack. APT attacks, one of the most common cyberattacks, are highly tricky and sophisticated attacks that can circumvent the existing detection technology and attack the targeted system after a certain latent period after intrusion. This paper proposes an ontology-based attack detection system capable of early detection of and response to APT attacks by analyzing their attacking patterns.
There are continuous hacking and social issues regarding APT (Advanced Persistent Threat - APT) attacks and a number of antivirus businesses and researchers are making efforts to analyze such APT attacks in order to prevent or cope with APT attacks, some host PC security technologies such as firewalls and intrusion detection systems are used. Therefore, in this study, malignant behavior patterns were extracted by using an API of PE files. Moreover, the FP-Growth Algorithm to extract behavior information generated in the host PC in order to overcome the limitation of the previous signature-based intrusion detection systems. We will utilize this study as fundamental research about a system that extracts malignant behavior patterns within networks and APIs in the future.
Recently personal information due to the APT attack, the economic damage and leakage of confidential information is a serious social problem, a great deal of research has been done to solve this problem. APT attacks are threatening traditional hacking techniques as well as to increase the success rate of attacks using sophisticated attack techniques such attacks Zero-Day vulnerability in order to avoid detection techniques and state-of-the-art security because it uses a combination of intelligence. In this paper, the malicious code is designed to detect APT attack based on APT attack behavior ontology that occur during the operation on the target system, it uses intelligent APT attack than to define inference rules can be inferred about malicious attack behavior to propose a method that can be detected.
Advanced Persistent Threat (APT), unlike traditional hacking attempts, carries out specific attacks on a specific target to illegally collect information and data from it. These targeted attacks use special-crafted malware and infrequent activity to avoid detection, so that hackers can retain control over target systems unnoticed for long periods of time. In order to detect these stealthy activities, a large-volume of traffic data generated in a period of time has to be analyzed. We proposed a scalable solution, Ctracer to detect stealthy command and control channel in a large-volume of traffic data. APT uses multiple command and control (C&C) channel and change them frequently to avoid detection, but there are common signatures in those C&C sessions. By identifying common network signature, Ctracer is able to group the C&C sessions. Therefore, we can detect an APT and all the C&C session used in an APT attack. The Ctracer is evaluated in a large enterprise for four months, twenty C&C servers, three APT attacks are reported. After investigated by the enterprise's Security Operations Center (SOC), the forensic report shows that there is specific enterprise targeted APT cases and not ever discovered for over 120 days.