Improved Methodology to Detect Advanced Persistent Threat Attacks


Ambika N. (SSMRV College, India)
Copyright: © 2020 |Pages: 19
DOI: 10.4018/978-1-7998-2253-0.ch009


Cybersecurity is essential in today's era. The rise in cyberattacks has made organizations cautious about safeguarding their data. An advanced persistent threat is an attack in which an adversary attempts to misuse an organization's intellectual property. The attacker stays on the network for a long time, intruding into confidential files, and switches into a dormant mode to mask his presence, which makes the attacker difficult to trace. The proposed work addresses this problem. Public key cryptography is used to encrypt the data, and a hash code is affixed to the transmitted message to provide reliability of the transmitted data. The work proves to be 4.9% stronger in authenticating the received packets, provides 4.42% greater data reliability, and decreases the load on the server by 43.5% compared to the earlier work it improves on.
Chapter Preview


We are in an era where access to information is expected within seconds. The internet has brought answers to the user, who can access data anytime and anywhere, and it has become an essential part of today's technology era. Technology has become part and parcel of human life; innumerable people across the globe use it to a very large extent, and it is the backbone of organizations ranging from small-scale industries to global giants. A large amount of data in various forms is exchanged and shared by these organizations. To store and transfer such volumes of data, the cloud (Wan, Zhang, Sun, Lin, Zou, & Cai, 2014) has been introduced; it makes a service available anywhere and anytime. Merging the two (Bhagat, 2012) has increased productivity to a large extent. As demand grows, the threats grow as well, and many kinds of cyberattacks (Kim, Kim, & Park, 2014; He & Yan, 2016) are introduced into the system.

Advanced persistent threats (APTs) (Lemay, Calvet, Menet, & Fernandez, 2018; Chen, Su, Yeh, & Yung, 2018) are one such attack. They are characterized by operating over long periods. They use encrypted connections and mimic normal behavior. These attacks are human-driven infiltrations, usually customized to the target organization; openly exposed resources in particular are targeted. Though each attack is unique, they follow a pattern. It commences with initial reconnaissance. After the initial compromise, the attacker elevates privileges, moves toward the target data using those privileges and, once there, extracts the required data. The targeted companies are attacked for their reputation or for monetary gain.

APTs have left many traces. A sequence of attacks was launched on Google, Adobe Systems and Juniper Networks in 2009. Operation Aurora (Varma, 2010) gained access to Google's intellectual property; the attack originated in China. Stuxnet (Langner, 2011) is one of its kind. It was a worm discovered in 2010 that spread into the target system from a USB thumb drive and exploited vulnerabilities in the Windows OS. It damaged the centrifuges of Iran's uranium-enrichment facility.

Another attack, which started in 2006 and is still in existence, is Operation Shady RAT (Gross, 2011; Amorosi, 2011). The adversary used encrypted commands embedded in HTML to control the implants on compromised systems. It is one of the most damaging acts of cyber espionage, having pilfered intellectual property from more than 70 public and private organizations around the globe. A cyber-espionage campaign in 2009 targeted around 100 countries; the attacker (Deibert, Rohozinski, Manchanda, Villeneuve, & Walton, 2009) used phishing and remote administration tools to steal the intellectual property of the targeted organizations. Another attack (Li, Huang, Wang, Fan, & Li, 2016), which targets guests using wireless networks, was active from August 2010 to 2013. The attack misuses the guests' check-in data. The users are lured with offers, and the packages provided as offers are loaded with Trojans and key loggers.

The main contributions of the chapter include:

  • One-way authentication is performed when a terminal joins the network or becomes active. Each terminal generates a hash code that identifies it. A Markov-chain process is used to generate a unique hash code for every session.

  • Public key encryption is used to encrypt the data.

  • A hash code is affixed to the transmitted data.

  • Early detection of an illegitimate node is proposed.
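The contributions above rest on two mechanisms: a hash code affixed to each transmitted message, and a per-session code that a terminal uses to authenticate itself when it joins. The following added example (not code from the chapter, which does not publish its scheme) shows the check a practitioner would apply to the first mechanism: an unkeyed hash appended to a message can be recomputed by anyone who alters the message, so the "reliability" the hash provides depends on the tag being keyed with a per-session secret (HMAC), or otherwise covered by the encryption or a signature. It also shows one-way challenge-response authentication of a terminal under that session key. Assumptions: a long-term secret shared out of band stands in for whatever the chapter's public-key step establishes, and a random nonce stands in for the chapter's Markov-chain session code; the sensor readings and identifiers are constructed test data, and the public-key encryption of the payload is left out.

```python
# Added example (not the chapter's code): "hash code affixed to the message"
# with an unkeyed hash versus a keyed hash (HMAC) under a per-session key,
# plus one-way challenge-response authentication of a joining terminal.
# Python standard library only.
import hashlib
import hmac
import os

TAG_LEN = 32  # SHA-256 digest length in bytes


def frame_unkeyed(msg: bytes) -> bytes:
    """Affix SHA-256(msg) to msg. Anyone on the path can recompute this tag."""
    return msg + hashlib.sha256(msg).digest()


def verify_unkeyed(frame: bytes) -> bool:
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(body).digest(), tag)


def derive_session_key(long_term_secret: bytes, session_nonce: bytes) -> bytes:
    """Fresh key per session so a tag captured in one session is useless in another.
    Assumption: the random nonce stands in for the chapter's Markov-chain session code."""
    return hmac.new(long_term_secret, b"session|" + session_nonce, hashlib.sha256).digest()


def frame_keyed(msg: bytes, key: bytes) -> bytes:
    """Affix HMAC-SHA256(key, msg): only a holder of the session key can produce it."""
    return msg + hmac.new(key, msg, hashlib.sha256).digest()


def verify_keyed(frame: bytes, key: bytes) -> bool:
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag)


def forge_unkeyed(frame: bytes, new_body: bytes) -> bytes:
    """Attacker swaps the body and simply recomputes the plain hash."""
    return frame_unkeyed(new_body)


def forge_keyed_attempt(frame: bytes, new_body: bytes) -> bytes:
    """Without the key, the best the attacker can do is reuse the captured tag."""
    return new_body + frame[-TAG_LEN:]


# One-way authentication at join time: the server sends a random challenge and
# the terminal answers with HMAC(session_key, terminal_id || challenge).
def auth_response(terminal_id: bytes, key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, terminal_id + b"|" + challenge, hashlib.sha256).digest()


def auth_check(terminal_id: bytes, key: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(auth_response(terminal_id, key, challenge), response)


def demo() -> dict:
    """Run every check on constructed data; returns each verifier's decision."""
    secret = b"long-term secret shared out of band (constructed)"
    key = derive_session_key(secret, os.urandom(16))
    original = b"sensor-42:reading=17.3"   # constructed payload
    forged = b"sensor-42:reading=99.9"     # what the attacker wants accepted

    unkeyed = frame_unkeyed(original)
    keyed = frame_keyed(original, key)
    challenge = os.urandom(16)
    good = auth_response(b"terminal-7", key, challenge)
    return {
        "unkeyed_ok": verify_unkeyed(unkeyed),
        "unkeyed_forged_accepted": verify_unkeyed(forge_unkeyed(unkeyed, forged)),
        "keyed_ok": verify_keyed(keyed, key),
        "keyed_forged_accepted": verify_keyed(forge_keyed_attempt(keyed, forged), key),
        "keyed_wrong_session": verify_keyed(keyed, derive_session_key(secret, os.urandom(16))),
        "auth_ok": auth_check(b"terminal-7", key, challenge, good),
        "auth_replayed_other_challenge": auth_check(b"terminal-7", key, os.urandom(16), good),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The run shows the forged frame being accepted under the unkeyed hash and rejected under the keyed one, and a captured authentication response failing against a fresh challenge; the same split applies to any scheme that affixes a hash to a message, whichever cipher protects the payload.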
