Title | Modeling the Operational Phases of APT Campaigns |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Berady, Aimad; Viet Triem Tong, Valerie; Guette, Gilles; Bidan, Christophe; Carat, Guillaume |
Conference Name | 2019 International Conference on Computational Science and Computational Intelligence (CSCI) |
Keywords | advanced persistent threat, advanced persistent threat attacks, Analytical models, APT, APT attack, APT campaigns, attack chronology, Computational modeling, computer network security, Context modeling, Cyber Kill Chain, cyber threat intelligence, cyberspace operations, Data models, decision making, final objectives achievement, Human Behavior, Knowledge engineering, Metrics, NIST, operational phases, operational reading, pubcrawl, resilience, Resiliency, Scalability, Tactics Techniques and Procedures |
Abstract | In the context of Advanced Persistent Threat (APT) attacks, this paper introduces a model, called Nuke, which tries to provide a more operational reading of the attackers' lifecycle in a compromised network. It allows the notions of regression and of repetitiveness of final objectives achievement to be considered. By confronting this model with examples of recent attacks (Equifax data breach and TV5Monde sabotage), we emphasize the importance of the attack chronology in the Cyber Threat Intelligence (CTI) reports, as well as the Tactics, Techniques and Procedures (TTP) used by the attacker during his progression. |
DOI | 10.1109/CSCI49370.2019.00023 |
Citation Key | berady_modeling_2019 |