Information Protecting Against APT Based on the Study of Cyber Kill Chain with Weighted Bayesian Classification with Correction Factor

Title: Information Protecting Against APT Based on the Study of Cyber Kill Chain with Weighted Bayesian Classification with Correction Factor
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Wen, Senhao; Rao, Yu; Yan, Hanbing
Conference Name: Proceedings of the 7th International Conference on Informatics, Environment, Energy and Applications
Publisher: ACM
ISBN Number: 978-1-4503-6362-4
Keywords: APT, Bayesian classification, Chained Attacks, correction factor, Cyber Kill Chain, pubcrawl, resilience, Resiliency, Scalability, TF-IDF
Abstract

To avoid being discovered by the defenders of a target, APT attackers are using encrypted communication to hide communication features, using code obfuscation and file-less technology to keep malicious code from being easily reversed and leaking its internal working mechanism, and using misleading content to conceal their identities. It is clearly ineffective to detect APT attacks by relying on a single technology. All of these tough situations mean that information security and privacy protection face increasingly serious threats. In this paper, through a deep study of Cyber Kill Chain behaviors, combined with intelligence analysis technology, we transform the APT detection problem into a measurable mathematical problem through weighted Bayesian classification with a correction factor, so as to detect APTs and perceive threats. In the solution, we adopted intelligence acquisition technology from massive data, and the TFIDF algorithm for calculating each attack behavior's weight. We also designed a correction factor to improve the Markov Weighted Bayesian Model when multiple behaviors are detected, by modifying the value of the probability of an APT attack.

URL: https://dl.acm.org/citation.cfm?doid=3208854.3208893
DOI: 10.1145/3208854.3208893
Citation Key: wen_information_2018