TerminAPTor: Highlighting Advanced Persistent Threats through Information Flow Tracking

Abstract: Long-lived attack campaigns known as Advanced Persistent Threats (APTs) have emerged as a serious security risk. These campaigns are customised for their target and carried out step by step over months on end. The major difficulty in detecting an APT is keeping track of the different steps logged over months of monitoring and linking them together. In this article, we describe TerminAPTor, an APT detector which highlights links between the traces left by attackers in the monitored system during the different stages of an attack campaign. TerminAPTor tackles this challenge by resorting to Information Flow Tracking (IFT). Our main contribution is showing that IFT can be used to highlight APTs. Additionally, we describe a generic representation of APTs and validate our IFT-based APT detector.
Document type:
Conference paper
8th IFIP International Conference on New Technologies, Mobility and Security, Nov 2016, Larnaca, Cyprus. 2016, 〈http://www.ntms-conf.org/ntms2016/〉

Cited literature [24 references]

https://hal.inria.fr/hal-01417612
Contributor: Valérie Viet Triem Tong
Submitted on: Friday 16 December 2016 - 15:31:05
Last modified on: Friday 15 June 2018 - 16:18:06
Archived on: Tuesday 21 March 2017 - 10:32:54

File

llncs.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-01417612, version 1

Citation

Guillaume Brogi, Valérie Viet Triem Tong. TerminAPTor: Highlighting Advanced Persistent Threats through Information Flow Tracking. 8th IFIP International Conference on New Technologies, Mobility and Security, Nov 2016, Larnaca, Cyprus. 2016, 〈http://www.ntms-conf.org/ntms2016/〉. 〈hal-01417612〉

Metrics

Record views

717

File downloads

281