TerminAPTor: Highlighting Advanced Persistent Threats through Information Flow Tracking
Conference Papers Year : 2016


Abstract

Long-lived attack campaigns known as Advanced Persistent Threats (APTs) have emerged as a serious security risk. These attack campaigns are customised for their target and performed step by step over months on end. The major difficulty in detecting an APT is keeping track of the different steps logged over months of monitoring and linking them together. In this article, we describe TerminAPTor, an APT detector which highlights links between the traces left by attackers in the monitored system during the different stages of an attack campaign. TerminAPTor tackles this challenge by resorting to Information Flow Tracking (IFT). Our main contribution is showing that IFT can be used to highlight APTs. Additionally, we describe a generic representation of APTs and validate our IFT-based APT detector.
Main file: llncs.pdf (105.15 KB). Origin: files produced by the author(s).

Dates and versions

hal-01417612, version 1 (16-12-2016)

Cite

Guillaume Brogi, Valérie Viet Triem Tong. TerminAPTor: Highlighting Advanced Persistent Threats through Information Flow Tracking. 8th IFIP International Conference on New Technologies, Mobility and Security, Nov 2016, Larnaca, Cyprus. ⟨10.1109/ntms.2016.7792480⟩. ⟨hal-01417612⟩