
TerminAPTor: Highlighting Advanced Persistent Threats through Information Flow Tracking

Abstract: Long-lived attack campaigns known as Advanced Persistent Threats (APTs) have emerged as a serious security risk. These attack campaigns are customised for their target and performed step by step over months on end. The major difficulty in detecting an APT is keeping track of the different steps logged over months of monitoring and linking them. In this article, we describe TerminAPTor, an APT detector which highlights links between the traces left by attackers in the monitored system during the different stages of an attack campaign. TerminAPTor tackles this challenge by resorting to Information Flow Tracking (IFT). Our main contribution is showing that IFT can be used to highlight APTs. Additionally, we describe a generic representation of APTs and validate our IFT-based APT detector.
Document type: Conference papers

Cited literature [24 references]
Contributor: Valérie Viet Triem Tong
Submitted on : Friday, December 16, 2016 - 3:31:05 PM
Last modification on : Wednesday, November 3, 2021 - 6:04:13 AM
Long-term archiving on: Tuesday, March 21, 2017 - 10:32:54 AM





Guillaume Brogi, Valérie Viet Triem Tong. TerminAPTor: Highlighting Advanced Persistent Threats through Information Flow Tracking. 8th IFIP International Conference on New Technologies, Mobility and Security, Nov 2016, Larnaca, Cyprus. ⟨10.1109/ntms.2016.7792480⟩. ⟨hal-01417612⟩


