Abstract

This study investigated the shift from the manual approach of processing data to the digitized method, which makes organizational data prone to attack by cybercriminals. The term for the latest threat, Advanced Persistent Threat (APT), originated in the United States Air Force in 2006 with Colonel Greg Rattray. APT is constantly ravaging industries and governments, causing severe damage including data loss, espionage, sabotage, leaks, or forced payment of ransom money to the attackers. This study introduces a new model, built on the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix, for detecting APT attacks. The aim is to identify the APT on the first potential victim when the attackers use the credential dumping technique. The Strange Behavior Inspection (SBI) Model, which incorporates several models, investigates and monitors APT behavioral features in the CPU, RAM, Windows registry, and file systems, and is proposed to detect an APT attack at the first potential victim machine. The SBI Model proposed in this paper is designed to detect the attack before it develops into more advanced phases. The results of this study are presented at four levels: (1) random access memory, (2) central processing unit, (3) Windows registry, and (4) file systems. This study proposes a unique model as evidence to detect APT attacks before any other techniques are used. The proposed model reduces the detection time from nine months to 2.7 minutes.

Highlights

  • The evolution of the Internet and computer networks has initiated new and sophisticated types of attacks called the Advanced Persistent Threat (APT)

  • This part of the paper presents some of the terms used in the context, which are used during the implementation of the Strange Behavior Inspection (SBI) model to detect APT groups using the credential dumping technique

  • This study finds that there is a significant relationship between the DLL files in Table 3, which this study worked on, and the Common Vulnerabilities and Exposures (CVE) entries in Table 3


Summary

INTRODUCTION

The evolution of the Internet and computer networks has initiated new and sophisticated types of attacks called the Advanced Persistent Threat (APT). APT attackers conceal themselves in the network for a long time, without being detected, to steal data and critical information [4]. After successfully gaining access to the network, the attacker installs malware on the victim's computer. They then scale up the search to find other vulnerable hosts to pivot to, and hide their presence to ensure the highest privilege needed to reach their goal [3]. Built on this observation, the proposed SBI solution focuses on one of the weakest points of the APT lifecycle, which is the occurrence of suspicious behavior found in credential dumping. This makes the model completely unique and different from existing solutions, and prepares it for practical use.

Belaton: SBI Model for the Detection of APT Based on Strange Behavior of Using Credential Dumping Technique.
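As an added illustration (not the paper's code) of the rule-based, four-level inspection that the abstract and introduction describe: a per-process baseline profile is compared against a telemetry snapshot, and the snapshot is flagged at the RAM, CPU, registry or file-system level when it departs from that profile. The threshold factor, field names, registry keys and sample values are constructed assumptions, not values from the paper.

```python
from dataclasses import dataclass

@dataclass
class Observation:
    """One per-process telemetry snapshot (fields are assumptions)."""
    process: str
    cpu_pct: float                 # CPU level
    ram_mb: float                  # RAM level
    registry_keys: frozenset       # registry level: keys the process touched
    file_events: tuple             # file-system level: (operation, path) pairs

@dataclass
class Baseline:
    """Assumed normal profile for the same process, taken from a clean run."""
    cpu_pct: float
    ram_mb: float
    registry_keys: frozenset
    written_exts: frozenset        # file extensions the process normally writes

def inspect(obs: Observation, base: Baseline, factor: float = 3.0) -> list:
    """Rule-based SBI-style check; returns a list of (level, reason) findings."""
    findings = []
    if obs.ram_mb > base.ram_mb * factor:
        findings.append(("ram", f"{obs.ram_mb:.0f} MB exceeds {factor}x baseline"))
    if obs.cpu_pct > base.cpu_pct * factor:
        findings.append(("cpu", f"{obs.cpu_pct:.0f}% exceeds {factor}x baseline"))
    new_keys = obs.registry_keys - base.registry_keys   # any key absent from baseline
    if new_keys:
        findings.append(("registry", "unseen keys: " + ", ".join(sorted(new_keys))))
    for op, path in obs.file_events:
        ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
        if op == "write" and ext not in base.written_exts:
            findings.append(("filesystem", f"unexpected .{ext} write: {path}"))
    return findings

def levels_flagged(findings: list) -> set:
    """Distinct levels (ram/cpu/registry/filesystem) that raised a finding."""
    return {level for level, _ in findings}

# Constructed sample: a clean snapshot and a suspicious one for the same process.
BASE = Baseline(cpu_pct=5.0, ram_mb=40.0,
                registry_keys=frozenset({r"HKCU\Software\AppX\Settings"}),
                written_exts=frozenset({"log", "tmp"}))
NORMAL = Observation("appx.exe", 6.0, 45.0, BASE.registry_keys,
                     (("write", r"C:\Temp\run.log"),))
SUSPECT = Observation("appx.exe", 21.0, 310.0,
                      frozenset({r"HKCU\Software\AppX\Settings", r"HKLM\SYSTEM\Example\Unseen"}),
                      (("write", r"C:\Temp\run.log"), ("write", r"C:\Temp\mem.dmp")))

if __name__ == "__main__":
    for name, obs in (("normal", NORMAL), ("suspect", SUSPECT)):
        print(name, inspect(obs, BASE))
```

A finding at one level alone is weak evidence; the model's point is that credential dumping tends to disturb several levels at once, so a verdict should weigh how many levels fire together.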

BACKGROUND
RULE-BASED FOR DETECTING ABNORMALITY BEHAVIOUR IN FILE SYSTEMS
TERRESTRIAL OBSERVATIONS TEST SCENARIO
TERRESTRIAL OBSERVATIONS REAL TIME DETECTION ANALYSIS SCENARIO
Findings
RAM ABNORMALITY BEHAVIOR TEST SCENARIO CVE-2017-1188
