Advanced Persistent Threat (APT) is one of the most serious network attacks in cyberspace, owing to its sophisticated techniques and deep concealment. Modeling the APT attack process can facilitate APT analysis, detection, and prediction. However, current techniques focus on modeling known attacks, and neither reflect APT attacks dynamically nor take human factors into consideration. To overcome this limitation, we propose a Targeted Complex Attack Network (TCAN) model for the APT attack process based on dynamic attack graphs and network evolution. Compared with current models, our model addresses human factors by building a two-layer network structure. Meanwhile, we present a stochastic model based on state changes in the target network to specify the nodes involved in the course of the APT. In addition, our model adopts the time domain to expand the traditional attack graph into a dynamic attack network. Our model is flexible, which is shown by changing the related parameters. We also propose dynamic evolution rules based on complex network theory and the characteristics of actual attack scenarios. Finally, we elaborate a procedure to add nodes by a matrix operation. The simulation results show that our model can model the attack process effectively.
Weina NIU
University of Electronic Science and Technology of China
Xiaosong ZHANG
University of Electronic Science and Technology of China
Guowu YANG
University of Electronic Science and Technology of China
Ruidong CHEN
University of Electronic Science and Technology of China
Dong WANG
University of Electronic Science and Technology of China
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Weina NIU, Xiaosong ZHANG, Guowu YANG, Ruidong CHEN, Dong WANG, "Modeling Attack Process of Advanced Persistent Threat Using Network Evolution" in IEICE TRANSACTIONS on Information, vol. E100-D, no. 10, pp. 2275-2286, October 2017, doi: 10.1587/transinf.2016INP0007.
URL: https://globals.ieice.org/en_transactions/information/10.1587/transinf.2016INP0007/_p
@ARTICLE{e100-d_10_2275,
author={Weina NIU and Xiaosong ZHANG and Guowu YANG and Ruidong CHEN and Dong WANG},
journal={IEICE TRANSACTIONS on Information},
title={Modeling Attack Process of Advanced Persistent Threat Using Network Evolution},
year={2017},
volume={E100-D},
number={10},
pages={2275-2286},
abstract={Advanced Persistent Threat (APT) is one of the most serious network attacks that occurred in cyberspace due to sophisticated techniques and deep concealment. Modeling APT attack process can facilitate APT analysis, detection, and prediction. However, current techniques focus on modeling known attacks, which neither reflect APT attack dynamically nor take human factors into considerations. In order to overcome this limitation, we propose a Targeted Complex Attack Network (TCAN) model for APT attack process based on dynamic attack graph and network evolution. Compared with current models, our model addresses human factors by conducting a two-layer network structure. Meanwhile, we present a stochastic model based on states change in the target network to specify nodes involved in the procedure of this APT. Besides, our model adopts time domain to expand the traditional attack graph into dynamic attack network. Our model is featured by flexibility, which is proven through changing the related parameters. In addition, we propose dynamic evolution rules based on complex network theory and characteristics of the actual attack scenarios. Finally, we elaborate a procedure to add nodes by a matrix operation. The simulation results show that our model can model the process of attack effectively.},
keywords={},
doi={10.1587/transinf.2016INP0007},
ISSN={1745-1361},
month={October},}
TY - JOUR
TI - Modeling Attack Process of Advanced Persistent Threat Using Network Evolution
T2 - IEICE TRANSACTIONS on Information
SP - 2275
EP - 2286
AU - Weina NIU
AU - Xiaosong ZHANG
AU - Guowu YANG
AU - Ruidong CHEN
AU - Dong WANG
PY - 2017
DO - 10.1587/transinf.2016INP0007
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E100-D
IS - 10
JA - IEICE TRANSACTIONS on Information
Y1 - October 2017
AB - Advanced Persistent Threat (APT) is one of the most serious network attacks that occurred in cyberspace due to sophisticated techniques and deep concealment. Modeling APT attack process can facilitate APT analysis, detection, and prediction. However, current techniques focus on modeling known attacks, which neither reflect APT attack dynamically nor take human factors into considerations. In order to overcome this limitation, we propose a Targeted Complex Attack Network (TCAN) model for APT attack process based on dynamic attack graph and network evolution. Compared with current models, our model addresses human factors by conducting a two-layer network structure. Meanwhile, we present a stochastic model based on states change in the target network to specify nodes involved in the procedure of this APT. Besides, our model adopts time domain to expand the traditional attack graph into dynamic attack network. Our model is featured by flexibility, which is proven through changing the related parameters. In addition, we propose dynamic evolution rules based on complex network theory and characteristics of the actual attack scenarios. Finally, we elaborate a procedure to add nodes by a matrix operation. The simulation results show that our model can model the process of attack effectively.
ER -