Conference papers

TerminAPTor: Highlighting Advanced Persistent Threats through Information Flow Tracking

Abstract : Long-lived attack campaigns known as Advanced Persistent Threats (APTs) have emerged as a serious security risk. These attack campaigns are customised for their target and performed step by step over months on end. The major difficulty in detecting an APT is keeping track of the different steps logged over months of monitoring and linking them. In this article, we describe TerminAPTor, an APT detector which highlights links between the traces left by attackers in the monitored system during the different stages of an attack campaign. TerminAPTor tackles this challenge by resorting to Information Flow Tracking (IFT). Our main contribution is showing that IFT can be used to highlight APTs. Additionally, we describe a generic representation of APTs and validate our IFT-based APT detector.
Document type :
Conference papers

Cited literature [24 references]

https://hal.inria.fr/hal-01417612
Contributor : Valérie Viet Triem Tong
Submitted on : Friday, December 16, 2016 - 3:31:05 PM
Last modification on : Wednesday, April 8, 2020 - 4:12:31 PM
Document(s) archived on : Tuesday, March 21, 2017 - 10:32:54 AM

File

llncs.pdf
Files produced by the author(s)

Citation

Guillaume Brogi, Valérie Viet Triem Tong. TerminAPTor: Highlighting Advanced Persistent Threats through Information Flow Tracking. 8th IFIP International Conference on New Technologies, Mobility and Security, Nov 2016, Larnaca, Cyprus. ⟨10.1109/ntms.2016.7792480⟩. ⟨hal-01417612⟩

Metrics

Record views : 1153
Files downloads : 801