Abstract

SummaryWith the development of the Internet of Things (IoT) technology, various attacks and threats have emerged. The advanced persistent threat (APT) refers to a class of advanced multiple‐steps attacks among diverse attack activities, which brings severe threats to the IoT systems ascribe to its pertinence, concealment, and permeability. However, the existing technologies and methods fail to timely recognize the APT attack activities (especially the zero‐day exploits) in a comprehensive scope. To address this problem, we propose a novel method of cyber situation perception for IoT systems, which based on zero‐day attack activity recognition within APT (CSPAPTM). Moreover, we also design an edge computing framework for applying CSPAPTM to the typical IoT systems. Specifically, we first provide a cyber situation perception ontology construction module for describing the APT attack activities. Then, a malicious C&C DNS mining method (MCCDRM) is proposed to control the APT malicious activity correlation analysis trigger, which can effectively decrease the computing overhead. Finally, we propose a zero‐day attack activity recognition method within APT (ZDAARA), which acts on system call instances to recognize the malicious activities, which cannot be detected by IDS. A relatively mature access control mechanism PO‐SAAC is also applied to our method. Through the coalescent of these methods, CSPAPTM can accomplish the cyber situation perception effectively by the zero‐day attack activities recognition in the IoT systems. The exhaustive experimental results demonstrate that the two kernel modules, that is, MCCDRM and ZDAARA in our CSPAPTM, can achieve both higher F1 score and acceptable false positive rate.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.