Information Protecting Against APT Based on the Study of Cyber Kill Chain with Weighted Bayesian Classification with Correction Factor
| Field | Value |
| --- | --- |
| Title | Information Protecting Against APT Based on the Study of Cyber Kill Chain with Weighted Bayesian Classification with Correction Factor |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Wen, Senhao; Rao, Yu; Yan, Hanbing |
| Conference Name | Proceedings of the 7th International Conference on Informatics, Environment, Energy and Applications |
| Publisher | ACM |
| ISBN Number | 978-1-4503-6362-4 |
| Keywords | APT, Bayesian classification, Chained Attacks, correction factor, Cyber Kill Chain, pubcrawl, resilience, Resiliency, Scalability, TF-IDF |
| Abstract | To avoid being discovered by the defenders of a target, APT attackers are using encrypted communication to hide communication features, using code obfuscation and file-less technology to avoid malicious code being easily reversed and leaking out its internal working mechanism, and using misleading content to conceal their identities. It is clearly ineffective to detect APT attacks by relying on one single technology. All of these tough situations make information security and privacy protection face increasingly serious threats. In this paper, through a deep study of Cyber Kill Chain behaviors, combined with intelligence analysis technology, we transform the APT detection problem into a measurable mathematical problem through weighted Bayesian classification with a correction factor so as to detect APTs and perceive threats. In the solution, we adopted intelligence acquisition technology from massive data and the TF-IDF algorithm to calculate attack behaviors' weights. We also designed a correction factor to improve the Markov Weighted Bayesian Model with multiple behaviors being detected by modifying the value of the probability of APT attack. |
| URL | https://dl.acm.org/citation.cfm?doid=3208854.3208893 |
| DOI | 10.1145/3208854.3208893 |
| Citation Key | wen_information_2018 |