
Journal articles on the topic 'Advanced persistent threats (APT)'


Consult the top 50 journal articles for your research on the topic 'Advanced persistent threats (APT).'


1

Akuffo-Badoo, Erastus B. "Understanding Advanced Persistent Threats." Advances in Multidisciplinary and scientific Research Journal Publication 1, no. 1 (2022): 15–22. http://dx.doi.org/10.22624/aims/crp-bk3-p3.

Abstract:
Advanced Persistent Threats (APTs) are a new type of threat that has piqued the interest of experts, particularly in the industrial security industry. APTs are cyber-attacks carried out by skilled and well-resourced adversaries who target specific information in high-profile organizations and governments, usually as part of a multi-step operation. The academic community has largely ignored the specifics of these threats, and as a result, an objective solution to the APT problem is absent. In terms of cybercrime activity, Africa has been one of the fastest rising regions. The continent is also a major source of cyberattacks on the rest of the world. A number of initiatives, however, have been implemented to mitigate cyber-threats and strengthen cybersecurity across the continent. The results of a complete study on APT are presented in this paper, which characterizes its differentiating traits and attack model while also assessing strategies often used in APT attacks. We also list various non-traditional countermeasures that can aid in the mitigation of APTs, highlighting future research prospects.
Keywords: Advanced Persistent Threat, APT(s), Sophisticated Attacks, Cyber Security, Africa
Book chapter, Research Nexus in IT, Law, Cyber Security & Forensics. Open Access. Distributed Free. Citation: Akuffo-Badoo Erastus B. (2022). Understanding Advanced Persistent Threats. SMART-IEEE-Creative Research Publications Book Chapter Series on Research Nexus in IT, Law, Cyber Security & Forensics. Pp 15-22. www.isteams.net/ITlawbookchapter2022. dx.doi.org/10.22624/AIMS/CRP-BK3-P3
2

Nicho, Mathew, and Shafaq Khan. "Identifying Vulnerabilities of Advanced Persistent Threats." International Journal of Information Security and Privacy 8, no. 1 (2014): 1–18. http://dx.doi.org/10.4018/ijisp.2014010101.

Abstract:
One of the most serious and persistent threats that has emerged in recent years, combining technical as well as non-technical skills, is the Advanced Persistent Threat, commonly known as APT, where hackers circumvent the organizational defenses and instead target the naivety of the employees in making an unintentional mistake. While this threat has gained prominence in recent years, research on its cause and mitigation is still at the infancy stage. In this paper the authors explore APT vulnerabilities from an organizational perspective to create a taxonomy of non-technical and technical vulnerabilities. The objective is to enhance awareness and detection of APT vulnerabilities by managers and end users. To this end, the authors conducted interviews with senior IT managers in three large organizations in Dubai, United Arab Emirates. The analysis of the findings suggested that the APT threat environment is affected by multiple factors spanning primarily non-technical as well as technical vulnerabilities.
3

Pashupatimath, Anand. "Novel Approach to Detect APT (Advanced Persistent Threat)." International Journal for Research in Applied Science and Engineering Technology 12, no. 4 (2024): 2440–45. http://dx.doi.org/10.22214/ijraset.2024.60342.

Abstract:
In cyber security, APT stands for Advanced Persistent Threat. It refers to advanced and long-term cyber-attacks where an attacker gains unauthorized access to a network and remains invisible for a long period of time. APTs are difficult to detect and require a comprehensive security strategy that includes threat intelligence, technical intelligence, and continuous monitoring to effectively mitigate risk. This paper introduces a different approach to APT prevention by integrating advanced threat intelligence, machine learning algorithms, and proactive defense mechanisms. Our approach uses real-time data analysis, anomaly detection and behavioral profiling to identify potential threats early in their lifecycle.
4

Adem Şimşek. "DETECTION OF ADVANCED PERSISTENT THREATS USING SIEM RULESETS." PIRETC-Proceeding of The International Research Education & Training Centre 28, no. 07 (2023): 25–31. http://dx.doi.org/10.36962/piretc28072023-25.

Abstract:
Cyber-attacks move towards a sophisticated, destructive, and persistent position, as in the case of Stuxnet, Dark Hotel, Poseidon, and Carbanak. These attacks are called Advanced Persistent Threats (APT) in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time. In today's digitalized life, these attacks threaten the main critical life areas. This threat is followed by critical infrastructures, finance, energy, and aviation agencies. One of the biggest APT attacks was Stuxnet which targeted software on computers controlling the programmable logic controllers (PLCs) used to automate machine processes. The other one was the Deep Panda attack discovered in 2015 which compromised over 4 million US personnel records because of the ongoing cyberwar between China and the U.S. This paper attempts to explain the difficulties of detecting APTs and to examine the studies in this area. In addition, this paper presents a new approach to detecting APTs using the SIEM solution. In this approach, it is recommended to establish APT rulesets in SIEM solutions by using the indicators left behind by the attacks. In the rulesets, 3 basic indicator types are considered, and examples are shared.
Keywords: Cyber security, cyber war, APT, SIEM, Intrusion Detection System.
5

AJIBOLA, Aminat, Innocent UJATA, Oluwasegun ADELAIYE, and Noorihan Abdul RAHMAN. "Mitigating Advanced Persistent Threats: A Comparative Evaluation Review." International Journal of Information Security and Cybercrime 8, no. 2 (2019): 9–20. http://dx.doi.org/10.19107/ijisc.2019.02.01.

Abstract:
Cyber threats have been an issue of great concern since the advent of the information (computer and internet) age. But of greater concern is the most recent class of threats, known as Advanced Persistent Threats (APTs). It has drawn increasing attention all over the world, from researchers and the industrial security sector. APTs are sophisticated cyber-attacks executed by sophisticated and well-resourced adversaries targeting specific information in companies and government. APT is a long-term campaign involving different steps. This form of attack, if successful, has significant implications for countries and large organizations, which may range from financial to reputational damage. This work presents a comprehensive study on APT, characterizing its uniqueness and attack model, and analyzing techniques commonly seen in APT attacks. On evaluating mitigation effects proposed and developed by researchers, the use of multiple mitigation methods shows good signs in detecting and preventing APT. Anomaly detection and dynamic analysis show high accuracy levels in detecting APT. This work also highlights and recommends security tips as well as methods of implementing countermeasures that can help to mitigate APTs, thereby giving directions for future research.
6

Brandao, Pedro Ramos. "Advanced Persistent Threats (APT)-Attribution-MICTIC Framework Extension." Journal of Computer Science 17, no. 5 (2021): 470–79. http://dx.doi.org/10.3844/jcssp.2021.470.479.

7

Austin, Orumwense, and Ihsan Mansoor. "The Impact of Emerging Cloud Security Threats: A Focus on Advanced Persistent Threats." International Journal of Innovative Science and Research Technology (IJISRT) 9, no. 12 (2025): 2227–38. https://doi.org/10.5281/zenodo.14598602.

Abstract:
The rapid advancement in cloud computing technology is continually evolving, with threat actors refining their tactics, exploiting new vulnerabilities, and expanding their influence. This dynamic environment exposes cloud infrastructure to emerging cyber-attacks, including Advanced Persistent Threats (APT), impacting both customers and service providers. Understanding the gap in APT detection literature is crucial for researchers. The research aims to comprehensively understand APTs' influence on cloud security, analyse existing approaches, emulate adversary plans, simulate attacks using Mitre Caldera, employ Snort for detection, and utilise the Nessus vulnerability scanning tool. The study addresses critical questions about APTs' exploitation of cloud environments, strengths and weaknesses of mitigation methods, impacts of successful APT attacks, vulnerabilities in cloud infrastructures, and techniques for detecting APTs. The findings underscore the intricate interplay between APT activities and cloud environments, emphasising the need for robust detection and mitigation strategies. The combination of APT simulation, vulnerability assessment, and detection mechanism analysis yields invaluable insights into the evolving threat landscape within cloud ecosystems. As organisations increasingly embrace cloud technologies, the lessons from this study contribute substantially to the ongoing discourse on fortifying cloud security against persistent and evolving cyber threats.
8

Li, Jingwen, Jianyi Liu, and Ru Zhang. "Advanced Persistent Threat Group Correlation Analysis via Attack Behavior Patterns and Rough Sets." Electronics 13, no. 6 (2024): 1106. http://dx.doi.org/10.3390/electronics13061106.

Abstract:
In recent years, advanced persistent threat (APT) attacks have become a significant network security threat due to their concealment and persistence. Correlation analysis of APT groups is vital for understanding the global network security landscape and accurately attributing threats. Current studies on threat attribution rely on experts or advanced technology to identify evidence linking attack incidents to known APT groups. However, there is a lack of research focused on automatically discovering potential correlations between APT groups. This paper proposes a method using attack behavior patterns and rough set theory to quantify APT group relevance. It extracts two types of features from threat intelligence: APT attack objects and behavior features. To address the issues of inconsistency and limitations in threat intelligence, this method uses rough set theory to model APT group behavior and designs a link prediction method to infer correlations among APT groups. Experimental results on publicly available APT analysis reports show a correlation precision of 90.90%. The similarity coefficient accurately reflects the correlation strength, validating the method’s efficacy and accuracy.
9

Nkiru, Ezefosie, and Ohemu Monday Fredrick. "A Data Driven Anomaly Based Behavior Detection Method for Advanced Persistent Threats (APT)." International Journal of Science and Research (IJSR) 10, no. 8 (2021): 663–67. https://doi.org/10.21275/sr21726172522.

10

Wang, Lun, Qiang Chen, and Daoming Li. "Managing Advanced Persistent Threats (APTs): Detection Strategies and Network Defense Mechanisms." Journal of Economic Theory and Business Management 1, no. 4 (2024): 9–17. https://doi.org/10.5281/zenodo.13212276.

Abstract:
Advanced Persistent Threats (APTs) represent one of the most significant challenges in cybersecurity today. These threats are characterized by their stealthy, sophisticated, and persistent nature, often targeting high-value entities such as government institutions, financial systems, and critical infrastructure. This paper explores the nature of APTs, focusing on detection strategies and network defense mechanisms. Through a comprehensive review of existing literature and case studies, the paper presents an in-depth analysis of how APTs operate and how organizations can effectively detect and mitigate these threats. The paper also discusses the implications of emerging technologies and future directions in APT defense. This study highlights the evolving tactics used by APT groups, emphasizing the need for adaptive and layered security approaches. Moreover, it underscores the importance of integrating threat intelligence and automated response systems into existing cybersecurity frameworks. By examining both successful and failed defense strategies in past APT incidents, this paper provides actionable insights for enhancing organizational resilience against such sophisticated threats. The findings aim to contribute to the ongoing discourse on improving cybersecurity practices and inform the development of more robust, future-proof defense mechanisms.
11

MITTAL, Raghav, Ivan CVITIĆ, Dragan PERAKOVIĆ, and Soosaimarian Peter RAJA. "Proactive Detection and Mitigation Strategies for Advanced Persistent Threats." Promet - Traffic&Transportation 37, no. 3 (2025): 546–69. https://doi.org/10.7307/ptt.v37i3.1088.

Abstract:
This research explores the growing threat of advanced persistent threats (APTs), which pose significant risks to national security, organisational operations and critical infrastructure. APTs have become increasingly sophisticated, targeting various sectors and demanding more effective defences to protect sensitive data and key systems. The focus of this paper is on addressing the rising frequency and complexity of APT attacks, aiming to provide a detailed analysis of their evolving tactics and the need for proactive security measures. Specifically, the paper examines current gaps in APT detection, from the initial stages of infiltration through to the complete removal of the threat. To address these challenges, the study introduces several detection strategies, including advanced correlation techniques, behavioural analysis of network traffic and user activity, and the application of machine learning and AI to improve threat identification. The paper analyses real-world APT incidents and discusses how monitoring and deception tactics can enhance security measures. It highlights the ongoing challenges presented by APTs, particularly their adaptive and dynamic attack methods, and emphasises the need for continuous improvement in defensive strategies. In conclusion, the paper outlines key areas for future research and stresses the importance of a proactive, evolving approach to counter the persistent and evolving nature of APTs.
12

Okwara, Jerry Chizoba, and Abba Kyari Buba. "Ensemble classifiers for detection of advanced persistent threats." Global Journal of Engineering and Technology Advances 2, no. 2 (2021): 001–10. https://doi.org/10.5281/zenodo.4467346.

Abstract:
The demand for application of technology in almost all walks of life is on the increase and can be seen to be driven by the paradigm changes in industrial revolutions (currently 4.0), the IoT/IoE (Internet of Things/Internet of Everything) concept, Internet 2.0, Artificial Intelligence (AI), and BYOD (Bring Your Own Device), to mention a few, but not without their increased inherent vulnerabilities and exposure to sophisticated and dynamic awaiting threats. Advanced Persistent Threats (APTs), among other malware, are some of the malicious attacks given serious attention as they have shown some level of complexity, thereby causing defender solutions to poorly detect them. Poor understanding of APT attack tactics, insufficient network traffic log analysis and poor classification are some of the problems identified for poor detection of these attacks. Network traffic logs are used by researchers to analyze the network and track attacks as packets move across network nodes. This research studies attack modelling in order to understand APT attack tactics and generate their dataset through simulation as well as a real dataset for normal operation. The experiment will be simulated on a virtual environment using a dimensionality reduction technique on the network traffic log for improved log processing. To improve the APT detection accuracy flawed by their stealthiness, the ensemble of classifiers (Support Vector Machine, Random Forest, Decision Tree) with majority voting is used for better attack classification, which resultantly gives a better detection accuracy of 90.47%.
13

Keliris, Anastasis, and Michail Maniatakos. "Demystifying Advanced Persistent Threats for Industrial Control Systems." Mechanical Engineering 139, no. 03 (2017): S13–S17. http://dx.doi.org/10.1115/1.2017-mar-6.

Abstract:
This article discusses a comprehensive methodology for designing an Advanced Persistent Threat (APT), which is a stealthy and continuous type of cyberattack with a high level of sophistication suitable for the complex environment of Industrial Control Systems (ICS). The article also explains defensive strategies that can assist in thwarting cyberattacks. The APT design process begins with Reconnaissance, which is continuously undertaken throughout the lifetime of a cyberattack campaign. With regard to securing the network infrastructure of an ICS, best practices for network security should be enforced. These could include the use of firewalls, Intrusion Detection or Prevention Systems (IDS/IPS), and network separation between corporate and field networks. A new field of research for securing ICS relates to process-aware defense mechanisms. These mechanisms analyze information directly from the field and try to detect anomalies specific to the physical characteristics of an ICS process.
14

Brandao, Pedro. "Combating Advanced Persistent Threats through Artificial Intelligence: An Algorithmic Approach." Open Research Europe 5 (May 20, 2025): 139. https://doi.org/10.12688/openreseurope.20268.1.

Abstract:
This essay emphasizes the significance of leveraging Artificial Intelligence (AI) tools to combat Advanced Persistent Threats (APTs). Central to this study is the theoretical framework describing the design and evaluation of algorithms that analyze very large datasets of security-related consultation items. Algorithms for the aggregation of such datasets are also developed along with a detailed methodology to ensure sufficient statistical significance. To test the research hypothesis, the designed algorithms were used to analyze a large dataset containing detailed data on APT campaigns. APT campaigns involve a chain of distinct attacks aimed at obtaining control over computational assets. APT campaigns are important cyber security threats as they are difficult to detect and are part of a lucrative black market currently worth hundreds of billions of dollars. Refined tools for launching and managing APT campaigns are supplied to criminal organizations and state actors through Growth Hacking, Inbound Marketing, and other B2B services. Networks of controlled computational assets infiltrated by sell-side ad networks are extensively leveraged by these tools. Improved algorithms have been developed for coordinating content consumption and carrying out hacking and phishing attacks. These data are kept in a unique, bottom-up event model that describes the lifecycle of APT campaigns and considers their participants’ limited knowledge. In the spirit of open science, collection, deduplication, labeling, and feature engineering scripts, dataset splits, data dictionaries, and other materials have been released along with the results of this study. The developed algorithms were used to train and evaluate predictive models for the lifecycle stages of APT campaigns and the decision to bond with them.
By yielding new domain knowledge and insights, this study encourages researchers to co-create domain-specific machine-learning algorithms with practitioners focusing on countermeasures and highlights the need for a new multi-disciplinary field merging “Growth Hacking, Inbound Marketing, and Early-Stage Venture Cyber Security VC Strategies”.
15

Liu, Fa Gui, and Xiao Jie Zhang. "Research and Design of a Trusted Distributed File System Based on HDFS." Applied Mechanics and Materials 602-605 (August 2014): 3282–84. http://dx.doi.org/10.4028/www.scientific.net/amm.602-605.3282.

Abstract:
Distributed file systems such as HDFS are facing the threat of Advanced Persistent Threat, APT. Although security mechanisms such as Kerberos and ACL are implemented in distributed file systems, most of them are not sufficient to solve the threats caused by APT. With the observation into traits of APT, we propose a trusted distributed file system based on HDFS, which guarantees another further security facing APT compared to the current security mechanism.
16

Abdul, Khadar A., Shrishail Math Dr., Brahmananda S. H. Dr., and Shivamurthy G. Dr. "Website Vulnerability Detection: Inception of Mitigation of Advanced Persistent Threats." Solid State Technology 63, no. 6 (2020): 7902. https://doi.org/10.5281/zenodo.7549581.

Abstract:
There are four basic stages of Advanced Persistent Threat attacks: Study, Spear, Search and Sabotage. The study stage is executed with intent to acquire as much information as possible about the attack target through various methods. One of the most successful methods is to gather the vulnerabilities of the target website. To counter the APTs, the very basic solution is to detect the vulnerabilities present in the website and build an attack-proof website to further shorten the chance of APT attacks. A vulnerability is a weakness that exists in a computer component upon exploiting which the attacker can adversely affect the integrity, confidentiality and availability of the computer component. This paper presents the methods of detecting the website vulnerabilities and methods of eliminating them. Vulnerability detection could be the most profitable method in the direction of preventing APT attacks.
17

Akpan Itoro Udofot, Omotosho Moses Oluseyi, and Edim Bassey Edim. "A Deep Learning Approach to Detecting Advanced Persistent Threats in Cybersecurity." International Journal of Advances in Engineering and Management 06, no. 12 (2024): 204–13. https://doi.org/10.35629/5252-0612204213.

Abstract:
Advanced Persistent Threats (APTs) represent one of the most sophisticated and insidious forms of cyber-attacks, often eluding traditional detection methods due to their stealthy and prolonged nature. This paper presents a novel approach to detecting APTs by leveraging the power of deep learning. We propose a hybrid model that combines Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) networks to capture both the spatial and temporal features inherent in APT behaviors. The model was trained and validated on a comprehensive dataset, demonstrating an accuracy of 98.5% in detecting APT activities, significantly outperforming traditional machine learning models. The proposed approach not only enhances detection accuracy but also reduces false positive rates, making it a robust solution for real-time cybersecurity applications. Our findings highlight the potential of deep learning to revolutionize APT detection, offering a scalable and adaptive framework for securing critical systems against evolving cyber threats. Future work will focus on refining the model for deployment in diverse operational environments and incorporating adaptive learning techniques to keep pace with the rapidly changing threat landscape.
18

Kumrashan, Indranil Iyer. "Proactive Threat Hunting: Leveraging AI for Early Detection of Advanced Persistent Threats." European Journal of Advances in Engineering and Technology 11, no. 2 (2024): 69–76. https://doi.org/10.5281/zenodo.15260469.

Abstract:
Advanced Persistent Threats (APTs) represent one of the most sophisticated and long-term cybersecurity threats faced by enterprises, government agencies, and critical infrastructure operators. APTs frequently employ stealthy tactics to maintain persistent access, evade detection, and methodically exfiltrate valuable data. Traditional reactive security measures (e.g., signature-based antivirus tools and basic intrusion detection) often fail to detect APTs in their early stages. This paper presents an overview of proactive threat hunting strategies that harness artificial intelligence (AI) to identify and neutralize APTs before they escalate. We discuss the role of machine learning (ML) in detecting anomalous behaviors within vast telemetry datasets, leveraging techniques such as unsupervised clustering, graph-based anomaly detection, and behavioral analytics. For instance, AI-powered models can analyze deviations in user authentication patterns, lateral movement within a network, and subtle exfiltration techniques (key indicators of an ongoing APT attack). We further highlight key challenges in AI-driven threat hunting, such as adversarial evasion tactics, data quality constraints, and false positive reduction. Finally, we propose a conceptual model that integrates AI analytics with human expertise for timely, accurate APT detection. We conclude with recommendations for practical AI-based threat-hunting deployments and future research directions in proactive cyber defense.
19

Wang, Luoli. "A spatial-temporal correlation based method for advanced persistent threat detection." Journal of Physics: Conference Series 2113, no. 1 (2021): 012037. http://dx.doi.org/10.1088/1742-6596/2113/1/012037.

Abstract:
Advanced Persistent Threats (APT) have caused severe damage to the core information infrastructure of many governments and organizations. APT attacks usually remain low and slow, which makes them difficult to detect. In this case, the way of correlatively analyzing massive logs generated by various security devices for effectively detecting the new type of cyber threat turns out to be more and more significant. In this paper, on the basis of analyzing the principles and characteristics of APT, we propose an intelligent threat detection method based on the expanded Cyber Attack Chain (CAC) model and the long short-term memory network (LSTM) autoencoder to extensively correlate malicious behaviors from spatial and temporal dimensions, which provides a brand new idea for the application and practice of complex network attack detection.
20

Oughannou, Zahra, Zakaria El Rhadiouini, Habiba Chaoui, and Salmane Bourekkadi. "Anomaly-Based Intrusion Detection System To Detect Advanced Persistent Threats: Environmental Sustainability." E3S Web of Conferences 412 (2023): 01106. http://dx.doi.org/10.1051/e3sconf/202341201106.

Abstract:
In an evolving digital world, Advanced Persistent Threats (APTs) pose severe cybersecurity challenges. These extended, stealthy cyber-attacks often elude conventional Intrusion Detection Systems (IDS). To bridge this gap, our research introduces a novel, environmentally conscious, deep learning-based IDS designed for APT detection. The system encompasses various stages from objective definition, data collection and preprocessing, to model development, integration, validation, and deployment. The system, utilizing deep learning algorithms, scrutinizes network traffic to detect patterns characteristic of APTs. This approach improves IDS accuracy and allows real-time threat detection, enabling prompt response to potential threats. Importantly, our system contributes to environmental protection by minimizing power consumption and electronic waste associated with cyberattacks, promoting sustainable cybersecurity practices. Our research outcomes are expected to enhance APT detection, providing robust defense against sophisticated cyber threats. Our environmentally conscious perspective adds a unique dimension to the cybersecurity domain, underlining its role in sustainable practices.
21

Sarkunavathi, A., and V. Srinivasan. "A Detailed Study on Advanced Persistent Threats: A Sophisticated Threat." Asian Journal of Computer Science and Technology 7, S1 (2018): 90–95. http://dx.doi.org/10.51983/ajcst-2018.7.s1.1797.

Abstract:
In the present world, computer networks are used to store sensitive information and to provide services for organizations and society. The growth of the internet and the increased use of computers in society, along with smart devices, lead to the increase in cyber crimes and persistent attacks. The most complex and advanced attacks are targeted attacks, which are specifically aimed at companies or governments to accomplish predetermined goals such as economic advantages, strategic benefits, or getting control of sensitive information. Hackers try to access sensitive data from cyber space and thereby become advanced malware developers for the security systems. One type of such attack is Advanced Persistent Threats (APT), which target governmental institutions, military, multinational enterprises, the financial industry, manufacturing and banks. The approach that is followed by the attackers is repeated attempts using different methods such as a stealth approach, adapting to the existing defense mechanisms, and stealthily infiltrating the network to avoid any suspicion, for example by entering sleep modes before commencing any attack. The effects of these attacks are exfiltration of key intellectual property, stoppage of fundamental services, and destruction of critical infrastructure. This paper is a detailed study of Advanced Persistent Threats to provide an idea about these advanced attacks.
22

Hagen, Raymond André, and Kirsi Helkala. "Complexity of Contemporary Indicators of Compromise." European Conference on Cyber Warfare and Security 23, no. 1 (2024): 697–707. http://dx.doi.org/10.34190/eccws.23.1.2149.

Abstract:
The cybersecurity landscape has undergone substantial transformation, especially in the sphere of Advanced Persistent Threats (APT). These evolving threats, marked by increased sophistication, scale, and impact, require the critical revaluation of traditional security models and the development of more advanced defensive strategies. This study offers a comprehensive analysis of the progress in APT attack methodologies over the past 30 years, focused on the evolving nature of indicators of compromise (IoCs) and their role in shaping future predictive and defensive mechanisms. Using a rigorous methodological approach, this survey systematically reviewed 21 significant APT incidents that span three decades. This includes integrating data from various sources such as academic journals, specialised cybersecurity blogs, and media reports. Using comparative and analytical methods, this study dissects each incident to provide an intricate understanding of the APT landscape and the evolution of IoCs. Our findings indicate a notable change in thinking from isolated hacker activities to organised state-sponsored APT operations driven by complex motives such as political espionage, economic disruption, and national security interests. Advancements in APTs are characterised by sophisticated persistence mechanisms, innovative attack vectors, advanced lateral movement within networks, and more covert data exfiltration and evasion methods. This study emphasises the difficulties in detecting advanced persistent threat (APT) activities due to their sophisticated and secretive nature. This stresses the importance of thoroughly investigating the evidence of such activities and highlights the need for a dynamic and initiative-cybersecurity approach. This study also highlights the crucial role of integrating IoC understanding into AI-driven predictive models and frameworks to predict potential APT. This integration is essential for the development of pre-emptive defence strategies.
This study provides valuable information on the evolving dynamics of cyber threats and emphasises the urgent need for forward-thinking adaptive cybersecurity strategies. It offers a framework for understanding the complexities of modern APTs and guides the development of more effective AI-enhanced defence mechanisms against emerging cyber threats.
23

Moya, Juan Ramón, Noemí DeCastro-García, Ramón-Ángel Fernández-Díaz, and Jorge Lorenzana Tamargo. "Expert knowledge and data analysis for detecting advanced persistent threats." Open Mathematics 15, no. 1 (2017): 1108–22. http://dx.doi.org/10.1515/math-2017-0094.

Abstract:
Critical Infrastructures in public administration would be compromised by Advanced Persistent Threats (APT), which today constitute one of the most sophisticated ways of stealing information. This paper presents an effective, learning-based tool that uses inductive techniques to analyze the information provided by firewall log files in an IT infrastructure, and detect suspicious activity in order to mark it as a potential APT. The experiments have been accomplished mixing real and synthetic data traffic to represent different proportions of normal and anomalous activity.
24

Nursari, Dessi. "North Korean Threat Perceptions in Advanced Persistent Threat (APT) Operations in Global Cyberspace." Dinasti International Journal of Education Management And Social Science 6, no. 4 (2025): 3370–79. https://doi.org/10.38035/dijemss.v6i4.4665.

Abstract:
Technological developments have given rise to new threats in the form of cyber attacks, one of which is Advanced Persistent Threat (APT). APT is a campaign of attacks by groups that may or may not be linked to a state (state-sponsored). Based on reports from various sources related to cyber security, data shows that cyber attacks originating from North Korea have targeted several countries in various sectors such as government, finance, and private industry. Therefore, this study aims to understand the perceptions and motives behind cyber attacks, including those carried out by North Korean APT groups in targeting the global cyberspace. This study uses a qualitative-deductive method with the threat perception theory, as well as data from literature and documents from various scientific sources. The results show that North Korea's APT is an asymmetric strategy used to maintain regime stability and mitigate global economic pressures in a hidden way.
25

Karabacak, Bilge, and Todd Whittaker. "Zero Trust and Advanced Persistent Threats: Who Will Win the War?" International Conference on Cyber Warfare and Security 17, no. 1 (2022): 92–101. http://dx.doi.org/10.34190/iccws.17.1.10.

Abstract:
Advanced Persistent Threats (APTs) are state-sponsored actors who break into computer networks for political or industrial espionage. Because of the nature of cyberspace and ever-changing sophisticated attack techniques, it is challenging to prevent and detect APT attacks. The 2020 United States Federal Government data breach once again showed how difficult it is to protect networks from targeted attacks. Among many other solutions and techniques, zero trust is a promising security architecture that might effectively prevent the intrusion attempts of APT actors. In the zero trust model, no process inside or outside the network is trusted by default. Zero trust is also called perimeterless security to indicate that it changes the focus from network devices to assets. All processes are required to verify themselves to access the resources. In this paper, we focused on APT prevention. We sought an answer to the question: "could the 2020 United States Federal Government data breach have been prevented if the attacked networks used zero trust architecture?" To answer this question, we used MITRE's ATT&CK® framework to extract how the APT29 threat group techniques could be mitigated to prevent initial access to federal networks. Secondly, we listed basic constructs of the zero trust model using NIST Special Publication 800-207 and several other academic and industry resources. Finally, we analyzed how zero trust can prevent malicious APT activities. We found that zero trust has a strong potential of preventing APT attacks or mitigating them significantly. We also suggested that vulnerability scanning, application developer guidance, and training should not be neglected in zero trust implementations, as they are not explicitly or strongly mentioned in NIST SP 800-207 and are among the most frequently referenced controls in academic and industry publications.
26

Hagen, Raymond André. "Computational Forensics: The Essential Role of Logs in APT and Advanced Cyberattack Response." International Conference on Cyber Warfare and Security 20, no. 1 (2025): 547–54. https://doi.org/10.34190/iccws.20.1.3328.

Abstract:
Advanced Persistent Threats (APTs) represent one of the most complex challenges in modern cybersecurity, characterized by their stealth, persistence, and sophistication. This study investigates the critical yet underutilized role of log analysis in detecting and responding to APTs, drawing on semi-structured interviews with 12 cybersecurity professionals from diverse sectors. Findings highlight logs as indispensable tools for identifying anomalies, reconstructing attack timelines, and understanding adversary tactics, techniques, and procedures (TTPs). However, barriers such as overwhelming data volumes, lack of standardization, and limited analytical tools hinder their effective utilization. To address these challenges, the study proposes actionable recommendations, including the adoption of standardized log formats, AI-driven real-time analysis, enhanced visibility across systems, and collaboration for threat intelligence sharing. These findings underscore logs’ dual role as investigative assets and catalysts for improved cybersecurity resilience, offering a strategic roadmap for leveraging log analysis to counter evolving APT threats.
27

Nagendrababu NC, Samyama Gunjal GH, and Himabindhu N. "Advance persistent threat prediction using knowledge graph." International Journal of Science and Technology Research Archive 6, no. 2 (2024): 071–82. http://dx.doi.org/10.53771/ijstra.2024.6.2.0047.

Abstract:
Advanced persistent threats (APTs) are a major threat to cybersecurity, and they are typically attributed to nation-state actors or well-organized groups with sophisticated capabilities. This knowledge graph is intended to help you understand and attribute APT organizations by providing a framework for understanding their characteristics, attribution challenges, attribution clues, attribution methodologies, and attribution limitations. By understanding APT organizations and attribution challenges, clues, methodologies, and limitations, you can gain valuable insights and methods for unraveling the mystery surrounding APT organizations. The graph highlights the difficulties and intricacies associated with attribution, such as false flags, use of proxies, cooperation between APTs and the evolving tactics employed by threat actors. State-sponsored attribution is based on government statements or intelligence agency reports; private sector attribution is based on cybersecurity firms’ reports or threat intelligence sharing; and academia and independent research is based on academic and non-academic sources. The graph serves as a resource for cybersecurity professionals, analysts and researchers looking for a systematic framework to improve their understanding and ability to attribute cyberattacks to attack actors. It offers in-depth analysis and practical advice to navigate the complex landscape of APT attribution in today’s rapidly changing cybersecurity landscape.
28

Chakkaravarthy, S. Sibi, V. Vaidehi, and P. Rajesh. "Hybrid Analysis Technique to detect Advanced Persistent Threats." International Journal of Intelligent Information Technologies 14, no. 2 (2018): 59–76. http://dx.doi.org/10.4018/ijiit.2018040104.

Abstract:
Advanced persistent threats (APT) are major threats in the field of system and network security. They are extremely stealthy and use advanced evasion techniques like packing and behaviour obfuscation to hide their malicious behaviour and evade detection methods. Existing behavior-based detection techniques fail to detect APTs due to their high-persistence mechanisms and sophisticated code nature. Hence, a novel hybrid analysis technique using a behavior-based sandboxing approach is proposed. The proposed technique consists of four phases, namely static, dynamic, memory and system state analysis. Initially, static analysis is performed on the sample, which involves packer detection and signature verification. If the sample is found stealthy and remains undetected, then it is executed inside a sandbox environment to analyze its behavior. Further, memory analysis is performed to extract memory artefacts of the current system state. Finally, system state analysis is performed by correlating the clean system state and the infected system state to determine whether the system is compromised.
29

Ray, Loye L., and Henry Felch. "Methodology for Detecting Advanced Persistent Threats in Oracle Databases." International Journal of Strategic Information Technology and Applications 5, no. 1 (2014): 42–53. http://dx.doi.org/10.4018/ijsita.2014010104.

Abstract:
Advanced persistent threats (APTs) have become a big problem for computer systems. Databases are vulnerable to these threats and can give attackers access to an organization's sensitive data. Oracle databases are at greater risk due to their heavy use as back-ends to corporate applications such as enterprise resource planning software. This paper will describe a methodology for finding APTs that may be hiding or operating deep within an Oracle database system. Using a deep understanding of Oracle's normal operations provides a baseline to assist in discovering APT behavior. Incorporating these into a database intrusion detection system can raise the ability to find these threats.
30

Aswathi, Radhakrishnan K. M. "Machine Learning based Advanced Persistent Threat Attack Detection System." Recent Innovations in Wireless Network Security 5, no. 3 (2023): 22–30. https://doi.org/10.5281/zenodo.8268062.

Abstract:
An advanced persistent threat [APT] is a multistage selective attack that obtains unauthorised access to data and correspondence frameworks to channel classified information or cause harm to an organization, industry, or government association. In most of the situations where APT is successfully organized and ready to attack, defending against APT is too late, especially in the last phase. In the context of such long-term and undetected attacks, detection of these attacks based on the attack life cycle is important. Several approaches including machine learning techniques have been proposed to improve the problem of detection.
31

Abdullateef Barakat. "Enhancing global cybersecurity: Strategies for mitigating advanced persistent threats (APTS) in a borderless digital landscape." World Journal of Advanced Research and Reviews 25, no. 3 (2025): 829–46. https://doi.org/10.30574/wjarr.2025.25.3.0815.

Abstract:
Advanced Persistent Threats (APTs) evolved into the most advanced persistent cyber threats that plague modern digital infrastructure worldwide. APTs differ from ordinary cyberattacks through their specific and hidden nature, which nation-states, cybercriminals, and industrial espionage groups undertake for extended periods. The technical growth of digital systems worldwide creates substantial security issues because attackers take advantage of unconnected legal zones and technical vulnerabilities while exploiting differences in regulations across different regions. The adoption of cloud technology, the Internet of Things, and artificial intelligence enables cyber adversary warfare methods to progress toward more strategic, sophisticated operations because these technologies increase the complexity of cybercrime. A review of APT evolution and methodologies within a digital world with no borders demonstrates the necessity of international coordination for threat mitigation. The examination reveals two weaknesses of present cybersecurity systems: standard defensive approaches work only from within borders, and member states lack sufficient ways to exchange information about threats. This study develops sophisticated privacy-preserving solutions that use artificial intelligence, predictive methods, and Zero Trust Architecture (ZTA) to strengthen worldwide cyber defense capabilities. The study adopts a diverse research method that combines analysis of technical data with case investigations of major APT incidents and complete national cybersecurity policy evaluations. Statistical and thematic analysis of the study shows how present-day defenses perform while spotting new attack procedures and quantifying international cybersecurity project success. Traditional cybersecurity implementations remain important yet insufficient for preventing contemporary APT assaults.
Fighting APT risks demands better AI threat identification, uninterrupted networking controls, and expanded international security partnerships. Additionally, the research shows that organizations must establish proactive cybersecurity frameworks that combine Zero Trust architecture with real-time intelligence sharing and strict policy implementation. Strengthening defenses against APTs across the interconnected world requires major recommendations, which the study provides explicitly for cybersecurity professionals, policymakers, and industrial stakeholders.
32

Hallaji, Ehsan, Roozbeh Razavi-Far, and Mehrdad Saif. "Robust Federated Learning for Mitigating Advanced Persistent Threats in Cyber-Physical Systems." Applied Sciences 14, no. 19 (2024): 8840. http://dx.doi.org/10.3390/app14198840.

Abstract:
Malware triage is essential for the security of cyber-physical systems, particularly against Advanced Persistent Threats (APTs). Proper data for this task, however, are hard to come by, as organizations are often reluctant to share their network data due to security concerns. To tackle this issue, this paper presents a secure and distributed framework for the collaborative training of a global model for APT triage without compromising privacy. Using this framework, organizations can share knowledge of APTs without disclosing private data. Moreover, the proposed design employs robust aggregation protocols to safeguard the global model against potential adversaries. The proposed framework is evaluated using real-world data with 15 different APT mechanisms. To make the simulations more challenging, we assume that edge nodes have partial knowledge of APTs. The obtained results demonstrate that participants in the proposed framework can privately share their knowledge, resulting in a robust global model that accurately detects APTs with significant improvement across different model architectures. Under optimal conditions, the designed framework detects almost all APT scenarios with an accuracy of over 90 percent.
33

Mathew, Alex. "Threat Defense through Cyber Fusion." International Journal of Computer Science and Mobile Computing 12, no. 1 (2023): 24–27. http://dx.doi.org/10.47760/ijcsmc.2022.v12i01.003.

Abstract:
Using cyber fusion to detect advanced persistent threats (APTs) is a complex task requiring integrating and correlating multiple sources of information and data. APTs are a specific type of cyber-attack where an attacker establishes a long-term, undetected presence on a target's network to steal sensitive information or disrupt operations. Due to the nature of APTs, it can be hard to detect them and take action. However, using threat intelligence is also a key component of APT detection. It provides actionable information about new APTs and the tactics and techniques used by APT attackers, allowing organizations to adapt their defenses and be proactive in their threat response. It is also essential to have a well-coordinated incident response plan and a skilled team to manage the system to ensure that all aspects of the system are working together effectively and efficiently. Consequently, this systematic review of academic and professional literature examines latent material that covers the use of cyber fusion to detect advanced persistent threats (APTs) in different IT environments.
34

Wibowo, Budi, Aji Nurrohman, and Luqman Hafiz. "Deep Learning in Wazuh Intrusion Detection System to Identify Advanced Persistent Threat (APT) Attacks." International Journal of Science Education and Cultural Studies 4, no. 1 (2025): 1–10. https://doi.org/10.58291/ijsecs.v4i1.311.

Abstract:
Advanced Persistent Threats (APTs) pose a significant challenge in modern cybersecurity by leveraging persistent and sophisticated methods to compromise organizations. These threats employ advanced techniques such as encrypted communication, polymorphic malware, and log tampering to evade detection, exfiltrate sensitive data, and disrupt critical infrastructure. Such characteristics often render conventional security measures ineffective in mitigating or preventing such attacks. This study adopted an experimental approach to assess the application of Wazuh, an advanced open-source security platform, in countering APT attacks. By simulating attack scenarios and analyzing real-time logs from diverse sources, Wazuh demonstrated strong intrusion detection capabilities, identifying attack patterns such as brute force attempts and unauthorized directory access. The findings underscore Wazuh’s effectiveness in enhancing organizational resilience by enabling rapid detection and response to suspicious activities. This research highlights how integrated log analysis can address the stealthy nature of APTs. Future studies should explore the integration of machine learning with platforms like Wazuh to further enhance automated and predictive threat detection capabilities, thereby strengthening defenses against the evolving strategies of APTs.
35

Yan, Guanghua, Qiang Li, Dong Guo, and Bing Li. "AULD: Large Scale Suspicious DNS Activities Detection via Unsupervised Learning in Advanced Persistent Threats." Sensors 19, no. 14 (2019): 3180. http://dx.doi.org/10.3390/s19143180.

Abstract:
In recent years, sensors in the Internet of Things have been commonly used in human life. APT (Advanced Persistent Threats) have caused serious damage to network security, and sensors play an important role in the attack process. For a long time, attackers have infiltrated, attacked, concealed, spread, and stolen information of target groups through the compound use of various attacking means, while existing security measures based on single-time nodes cannot defend against such attacks. Attackers often exploit the sensors’ vulnerabilities to attack targets because the security level of the sensors is relatively low when compared with that of the host. We can find APT attacks by checking the suspicious domains generated at different APT attack stages, since every APT attack has to use DNS to communicate. Although this method works, two challenges still exist: (1) the detection method needs to check a large volume of log data; (2) the small number of attack samples limits conventional supervised learning. This paper proposes an APT detection framework, AULD (Advanced Persistent Threats Unsupervised Learning Detection), to detect suspicious domains in APT attacks by using unsupervised learning. We extract ten important features from the host, domain name, and time from a large amount of DNS log data. Later, we get the suspicious cluster by performing unsupervised learning. We put all of the domains in the cluster into the list of malicious domains. We collected 1,584,225,274 DNS records from our university network. The experiments show that AULD detected all of the attack samples and that AULD can effectively detect the suspicious domain names in APT attacks.
36

Li, Wentao. "A Comparative Analysis of Advanced Persistent Threat Detection Methodologies: A Systematic Review." Applied and Computational Engineering 165, no. 1 (2025): 102–8. https://doi.org/10.54254/2755-2721/2025.ld24900.

Abstract:
Advanced Persistent Threats (APTs) represent sophisticated, long-term cyberattacks targeting critical infrastructure and sensitive data, posing significant challenges to conventional security mechanisms. This review systematically analyzes and compares state-of-the-art APT detection methodologies documented in recent scientific literature. The study examines peer-reviewed journals, conference proceedings, and seminal technical reports published between 2021 and 2025, focusing on detection frameworks, underlying technologies (including machine learning, deep learning, provenance analysis, and Large Language Models), performance metrics (accuracy, false positive rates, real-time capability), and operational constraints. Key findings indicate that approaches integrating behavioral analysis with artificial intelligence, particularly those leveraging provenance tracing and LLM-enhanced anomaly interpretation, demonstrate superior efficacy in identifying stealthy, multi-stage APT activities compared to signature-based or isolated ML solutions. Hybrid systems combining real-time data processing with contextual threat intelligence exhibit the highest resilience against evolving APT tactics. The conclusion underscores the necessity of adaptive, multi-layered detection frameworks and identifies emerging research trends, including explainable AI for forensic attribution and cross-platform detection standardization.
37

Jang, Seok-Woo, and Yong-Joon Lee. "A Study on the APT Attack Scenario Verification System." Journal of the Korea Academia-Industrial cooperation Society 24, no. 4 (2023): 610–15. http://dx.doi.org/10.5762/kais.2023.24.4.610.

38

Onome, Dr Oghene Augustine. "Advanced Cyber Exploitation and Mitigation Methodology." International Journal of Emerging Science and Engineering 10, no. 4 (2022): 8–15. http://dx.doi.org/10.35940/ijese.c2525.0310422.

Abstract:
The aim of this article is to look into the comprehensive methods of re-architecting a security operations centre (SOC) to protect corporate computing frameworks. Through persistent exploitation using advanced technologies, cyber threat infiltration has caused financial losses to enterprises all over the world. No progress has been made yet in terms of technological improvements, particularly in combining cybersecurity equipment. Cybercriminals, on the other hand, are constantly improving their tools and methodologies in order to breach any business. Multiple exploitations through networks, systems, and phishing emails have resulted in incoming dangers, threats, and vulnerabilities in areas such as data privacy and security due to rapid technological advancement. To protect their working environment, several firms in many sectors have resorted to outmoded technologies which are ineffective in the face of advanced persistent threats (APT). Cybersecurity actors are well-equipped groups with extensive knowledge that can infiltrate even the most secure of organizations. Cyber security is seen as a major issue around the world. As a result, dedicated cyber security researchers are analysing both existing dangers and emerging threat approach patterns in order to develop a technique that can be integrated with cybersecurity management.
39

Dr., Oghene Augustine Onome. "Advanced Cyber Exploitation and Mitigation Methodology." International Journal of Emerging Science and Engineering (IJESE) 10, no. 4 (2022): 8–15. https://doi.org/10.35940/ijese.C2525.0310422.

Abstract:
The aim of this article is to look into the comprehensive methods of re-architecting a security operations centre (SOC) to protect corporate computing frameworks. Through persistent exploitation using advanced technologies, cyber threat infiltration has caused financial losses to enterprises all over the world. No progress has been made yet in terms of technological improvements, particularly in combining cybersecurity equipment. Cybercriminals, on the other hand, are constantly improving their tools and methodologies in order to breach any business. Multiple exploitations through networks, systems, and phishing emails have resulted in incoming dangers, threats, and vulnerabilities in areas such as data privacy and security due to rapid technological advancement. To protect their working environment, several firms in many sectors have resorted to outmoded technologies which are ineffective in the face of advanced persistent threats (APT). Cybersecurity actors are well-equipped groups with extensive knowledge that can infiltrate even the most secure of organizations. Cyber security is seen as a major issue around the world. As a result, dedicated cyber security researchers are analysing both existing dangers and emerging threat approach patterns in order to develop a technique that can be integrated with cybersecurity management.
40

Shaik Mabu Basha, Banala Laxmi Venkata Sai Akhil, Boya Akhil, Rajala Madhusudhan Reddy, and Dr. Tippanna. "Defensive Deception Based on Hyper Game Theory against Advanced Persistent Threats." International Journal of Scientific Research in Science, Engineering and Technology 12, no. 3 (2025): 65–71. https://doi.org/10.32628/ijsrset2512314.

Abstract:
Defensive deception techniques have emerged as a promising proactive defense mechanism to mislead an attacker and thereby achieve attack failure. However, most game-theoretic defensive deception approaches have assumed that players maintain consistent views under uncertainty. They do not consider players’ possible subjective beliefs formed due to asymmetric information given to them. In this work, we formulate a hypergame between an attacker and a defender where they can interpret the same game differently and accordingly choose their best strategy based on their respective beliefs. This gives a chance for defensive deception strategies to manipulate an attacker’s belief, which is the key to the attacker’s decision making. We consider advanced persistent threat (APT) attacks, which perform multiple attacks in the stages of the cyber kill chain, where both the attacker and the defender aim to select optimal strategies based on their beliefs. Through extensive simulation experiments, we demonstrated how effectively the defender can leverage defensive deception techniques while dealing with multi-staged APT attacks in a hypergame in which the imperfect information is reflected based on perceived uncertainty, cost, and expected utilities of both attacker and defender, the system lifetime (i.e., mean time to security failure), and improved false positive rates in detecting attackers.
41

Chu, Wen-Lin, Chih-Jer Lin, and Ke-Neng Chang. "Detection and Classification of Advanced Persistent Threats and Attacks Using the Support Vector Machine." Applied Sciences 9, no. 21 (2019): 4579. http://dx.doi.org/10.3390/app9214579.

Abstract:
Traditional network attack and hacking models are constantly evolving to keep pace with the rapid development of network technology. Advanced persistent threat (APT), usually organized by a hacker group, is a complex and targeted attack method. A long period of strategic planning and information search usually precedes an attack on a specific goal. Focus is on a targeted object, and customized specific methods are used to launch the attack and obtain confidential information. This study offers an attack detection system that enables early discovery of the APT attack. The system uses the NSL-KDD database for attack detection and verification. The main method uses principal component analysis (PCA) for feature sampling and the enhancement of detection efficiency. The advantages and disadvantages of the classifiers used to detect attacks in the dataset are then compared; the classifiers are the support vector machine, naive Bayes classification, the decision tree and neural networks. Results of the experiments show the support vector machine (SVM) to have the highest recognition rate, reaching 97.22% (for the trained subdata A). The purpose of this study was to establish an APT early warning model mechanism that could be used to reduce the impact and influence of APT attacks.
42

Chen, Gang, Chu Le Yang, Jun Yang, and Jun Ping Cai. "Research on APT and its Security Protection." Advanced Materials Research 989-994 (July 2014): 4970–73. http://dx.doi.org/10.4028/www.scientific.net/amr.989-994.4970.

Abstract:
Advanced persistent threat (APT) has become a serious challenge to network security in recent years. Characteristics of this kind of network attack involve purposiveness, concealment, sustainability and variability, and it is hard to protect critical infrastructure, financial systems, elements of national power, etc. These threats range from unwitting hackers to nation-states, each at various levels of competence. For performing security protection, five typical cases of APT, including the Night Dragon attack, Google Operation Aurora, the RSA SecurID attack, the Stuxnet attack and the Shady RAT attack, were analyzed. Their common attack process and technical characteristics are summarized. Finally, some suggestions and opinions on security protection were presented.
43

Lapsar, Aleksey, Sergey Nazaryan, and Alisa Vladimirova. "Ensuring the Resistance of Critical Information Infrastructure Objects to Advanced Persistent Threats." Voprosy kiberbezopasnosti, no. 2(48) (2022): 39–51. http://dx.doi.org/10.21681/2311-3456-2022-2-39-51.

Abstract:
The purpose of the study: to improve the security of significant objects of critical information infrastructure under conditions of destructive information impact, implemented in the form of an advanced persistent threat (APT). Methods: comparative analysis of destructive information impact within the framework of a systematic approach; Markov theory of evolutionary processes; synergetics. Results: the authors carried out an analysis of APT properties and their impact on objects of critical information infrastructure. To identify APTs, the use of a combination of various detection methods, with priority given to heuristic analysis, is substantiated. A scheme has been developed for the implementation of the method for assessing the state of an object of critical information infrastructure based on a modified Markov-parametric model with a system for detecting computer attacks integrated into its structure. A preliminary assessment of the danger level of computer attacks, as well as the development of recommendations for their neutralization simultaneously with the assessment of the properties and characteristics of destructive information impact, are proposed.
44

Sugumar, R. Sugumar. "Cross-Layer Threat Detection Framework For Multi-Domain Apts Using Network Telemetry And Data Mining." Mathematical Statistician and Engineering Applications 71, no. 4 (2022): 16888–93. https://doi.org/10.17762/msea.v71i4.2986.

Abstract:
Advanced Persistent Threats (APTs) present a considerable challenge to cybersecurity due to their elusive and multi-faceted nature. Conventional security measures frequently struggle to identify APTs due to their capacity to avoid signature-based detection and exploit vulnerabilities across various layers of the network. This paper introduces a Cross-Layer Threat Detection Framework that utilizes network telemetry and data mining techniques to recognize and address multi-domain APT activities. The framework consolidates data from numerous network layers, such as application, transport, and network layers, to construct a comprehensive view of potential threats. By employing sophisticated machine learning and data mining algorithms, the system identifies unusual behavior patterns that signal APTs. Moreover, real-time network telemetry data improves situational awareness, facilitating proactive threat hunting and mitigation efforts. Experimental findings reveal the framework’s efficacy in identifying stealthy APT activities with high precision and minimal false positive rates. The proposed method strengthens cybersecurity defenses by offering adaptive, scalable, and intelligent threat detection against complex APT campaigns.
45

Nicho, Mathew, Christopher D. McDermott, Hussein Fakhry, and Shini Girija. "A System Dynamics Approach to Evaluate Advanced Persistent Threat Vectors." International Journal of Information Security and Privacy 17, no. 1 (2023): 1–23. http://dx.doi.org/10.4018/ijisp.324064.

Abstract:
Cyber-attacks targeting high-profile entities are focused, persistent, and employ common vectors with varying levels of sophistication to exploit social-technical vulnerabilities. Advanced persistent threats (APTs) deploy zero-day malware against such targets to gain entry through multiple security layers, exploiting the dynamic interplay of vulnerabilities in the target network. System dynamics (SD) offers an alternative approach to analyze non-linear, complex, and dynamic social-technical systems. This research applied SD to three high-profile APT attacks - Equifax, Carphone, and Zomato - to identify and simulate socio-technical variables leading to breaches. By modeling APTs using SD, managers can evaluate threats, predict attacks, and reduce damage by mitigating specific socio-technical cues. This study provides valuable insights into the dynamics of cyber threats, making it the first to apply SD to APTs.
46

Gan, Chenquan, Jiabin Lin, Da-Wen Huang, Qingyi Zhu, and Liang Tian. "Advanced Persistent Threats and Their Defense Methods in Industrial Internet of Things: A Survey." Mathematics 11, no. 14 (2023): 3115. http://dx.doi.org/10.3390/math11143115.

Abstract:
The industrial internet of things (IIoT) is a key pillar of the intelligent society, integrating traditional industry with modern information technology to improve production efficiency and quality. However, the IIoT also faces serious challenges from advanced persistent threats (APTs), a stealthy and persistent method of attack that can cause enormous losses and damages. In this paper, we give the definition and development of APTs. Furthermore, we examine the types of APT attacks that each layer of the four-layer IIoT reference architecture may face and review existing defense techniques. Next, we use several models to model and analyze APT activities in IIoT to identify their inherent characteristics and patterns. Finally, based on a thorough discussion of IIoT security issues, we propose some open research topics and directions.
47

Li, Pengdeng, Xiaofan Yang, Qingyu Xiong, Junhao Wen, and Yuan Yan Tang. "Defending against the Advanced Persistent Threat: An Optimal Control Approach." Security and Communication Networks 2018 (2018): 1–14. http://dx.doi.org/10.1155/2018/2975376.

Abstract:
The new cyberattack pattern of advanced persistent threat (APT) has posed a serious threat to modern society. This paper addresses the APT defense problem, that is, the problem of how to effectively defend against an APT campaign. Based on a novel APT attack-defense model, the effectiveness of an APT defense strategy is quantified. Thereby, the APT defense problem is modeled as an optimal control problem, in which an optimal control stands for a most effective APT defense strategy. The existence of an optimal control is proved, and an optimality system is derived. Consequently, an optimal control can be figured out by solving the optimality system. Some examples of the optimal control are given. Finally, the influence of some factors on the effectiveness of an optimal control is examined through computer experiments. These findings help organizations to work out policies of defending against APTs.
48

Wang, Lian Hai, and Qiu Liang Xu. "An APT Trojan Detection Method Based on Memory Forensics Techniques." Applied Mechanics and Materials 701-702 (December 2014): 927–34. http://dx.doi.org/10.4028/www.scientific.net/amm.701-702.927.

Abstract:
Advanced Persistent Threat (APT) is currently reported to be one of the most serious threats. It is very important to detect the APT Trojan as early as possible. There are three types of approaches to conduct APT detection: network traffic analysis, change controlling and sandboxing. Unfortunately, all these approaches have limitations in detecting unknown APT Trojans. This paper proposes a novel APT Trojan detection method by utilizing memory forensics techniques. The proposed method first acquires the raw physical memory image from a target running system and then finds the APT’s traces in the memory image based on the APT’s characteristics and memory forensics techniques. If enough traces are found, we can judge that there must be Trojans in the target system. Experimental results show that the proposed method can effectively detect new APT Trojans.
49

Shakil, Farhan, Sadia Afrin, Abdullah Al Mamun, et al. "HYBRID MULTI-MODAL DETECTION FRAMEWORK FOR ADVANCED PERSISTENT THREATS IN CORPORATE NETWORKS USING MACHINE LEARNING AND DEEP LEARNING." International Journal of Computer Science & Information System 10, no. 02 (2025): 6–20. https://doi.org/10.55640/ijcsis/volume10issue02-02.

Abstract:
This study addresses the challenge of detecting Advanced Persistent Threats (APTs) in corporate networks by developing a hybrid multi-modal detection framework. We combine traditional machine learning models, deep learning architectures, and transformer-based models to improve the detection of sophisticated and stealthy cyber threats. A comprehensive dataset, consisting of network traffic and event logs, was processed through rigorous data preprocessing, feature engineering, and model development. The results show that the hybrid ensemble model, integrating Gradient Boosting and Transformer-based architectures, outperforms all other models, achieving 98.7% accuracy, 98.3% precision, and 97.9% recall, while maintaining a false positive rate below 1%. The model demonstrated exceptional performance in real-world simulations, detecting over 98% of malicious activities. Our findings highlight the importance of combining the strengths of classical and advanced machine learning techniques for effective APT detection and mitigation, providing a reliable, scalable solution for real-time cybersecurity.
50

Jabar, Thulfiqar, and Manmeet Mahinderjit Singh. "Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework." Sensors 22, no. 13 (2022): 4662. http://dx.doi.org/10.3390/s22134662.

Abstract:
During the last several years, the Internet of Things (IoT), fog computing, computer security, and cyber-attacks have all grown rapidly on a large scale. Examples of IoT include mobile devices such as tablets and smartphones. Attacks can take place that impact the confidentiality, integrity, and availability (CIA) of the information. One attack that occurs is Advanced Persistent Threat (APT). Attackers can manipulate a device’s behavior, applications, and services. Such manipulations lead to signification of a deviation from a known behavioral baseline for smartphones. In this study, the authors present a Systematic Literature Review (SLR) to provide a survey of the existing literature on APT defense mechanisms, find research gaps, and recommend future directions. The scope of this SLR covers a detailed analysis of most cybersecurity defense mechanisms and cutting-edge solutions. In this research, 112 papers published from 2011 until 2022 were analyzed. This review has explored different approaches used in cybersecurity and their effectiveness in defending against APT attacks. In conclusion, we recommended a Situational Awareness (SA) model known as Observe–Orient–Decide–Act (OODA) to provide a comprehensive solution to monitor the device’s behavior for APT mitigation.