Defense-in-Depth Approach for Early Detection of High-Potential Advanced Persistent Attacks

Abstract

Cyber security has gained high level of attention due to its criticality and increased sophistication on organizations network. There is more number of targeted attacks happening in recent years. Advanced Persistent Threats (APTs) are the most complex and highly sophisticated attack in present scenario. Due to the sophistication of these attacks, it can be able to bypass the deployed security controls and more stealthily infiltrate the targeted internal network. Detection of these attacks are very challenging because they treated normal behaviors to hide itself from traditional detection mechanism. In this paper, we analyze the 26 APT campaigns reports and shows the different methods and techniques that are used by attacker to perform the sophisticated attacks. Our research is mainly focused on the three levels of investigation of APT campaigns that give some common characteristics of them such as APT attack usage zero-day vulnerability or not. Furthermore, according to their characteristics, we propose a novel approach that is capable to early detection of APTs and also suggest concrete prevention mechanism that make it possible to identify the intrusions as early as possible.