Abstract
Advanced Persistent Threat (APT) is a type of threat that has grabbed the attention of researchers, particularly in the industrial security field. APTs are cyber intrusions carried out by skilled and well-resourced adversaries who target specific information in high-profile organizations and governments, frequently as part of a multi-phase long-term operation. One of the phases of the APT process is the command-and-control (C&C) phase, also known as beaconing. Beaconing is an important part of an APT lifecycle, where the adversaries establish channels with the compromised hosts in the targeted system, allowing them to launch additional attacks. Detecting and predicting this stage is therefore a practical way to guard against APTs. This paper discusses the techniques and methods used to detect APTs and also specifically to identify beaconing, either during the APT lifecycle or not. In it, we determine various artificial intelligence algorithms used for detecting, analyzing and comparing characteristics of datasets and data sources used to implement these detection techniques. Moreover, we present the strengths and challenges of various APT/beaconing detection methods. Finally, this study outlines many cybersecurity vendor projects that have been created to identify APT or beaconing operations, categorized according to the detection approach utilized.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
