Proactive Detection and Mitigation Strategies for Advanced Persistent Threats

Authors

  • Raghav MITTAL Vellore Institute of Technology, School of Computer Science and Engineering
  • Ivan CVITIĆ University of Zagreb, Faculty of Transport and Traffic Sciences
  • Dragan PERAKOVIĆ University of Zagreb, Faculty of Transport and Traffic Sciences
  • Soosaimarian Peter RAJA Vellore Institute of Technology, School of Computer Science and Engineering

DOI:

https://doi.org/10.7307/ptt.v37i3.1088

Keywords:

advanced persistent threats, Stuxnet, Nash equilibrium, game theory, online adaptive metric learning, hidden Markov model, Carbanak, Hydraq

Abstract

This research explores the growing threat of advanced persistent threats (APTs), which pose significant risks to national security, organisational operations and critical infrastructure. APTs have become increasingly sophisticated, targeting various sectors and demanding more effective defences to protect sensitive data and key systems. The focus of this paper is on addressing the rising frequency and complexity of APT attacks, aiming to provide a detailed analysis of their evolving tactics and the need for proactive security measures. Specifically, the paper examines current gaps in APT detection, from the initial stages of infiltration through to the complete removal of the threat. To address these challenges, the study introduces several detection strategies, including advanced correlation techniques, behavioural analysis of network traffic and user activity, and the application of machine learning and AI to improve threat identification. The paper analyses real-world APT incidents and discusses how monitoring and deception tactics can enhance security measures. It highlights the ongoing challenges presented by APTs, particularly their adaptive and dynamic attack methods, and emphasises the need for continuous improvement in defensive strategies. In conclusion, the paper outlines key areas for future research and stresses the importance of a proactive, evolving approach to counter the persistent and evolving nature of APTs.


Published

05-06-2025

How to Cite

MITTAL, R., CVITIĆ, I., PERAKOVIĆ, D., & RAJA, S. P. (2025). Proactive Detection and Mitigation Strategies for Advanced Persistent Threats. Promet - Traffic&Transportation, 37(3), 546–569. https://doi.org/10.7307/ptt.v37i3.1088

Section

Articles