Graph-based APT detection

Thibault Debatty, Wim Mees, Thomas Gilon

Publication: Contribution to book/report/conference proceedings › Conference contribution › Peer-reviewed

Abstract

In this paper we propose a new algorithm to detect Advanced Persistent Threats (APTs) that relies on a graph model of HTTP traffic. We also implement a complete detection system with a web interface that allows the data to be analyzed interactively. We perform a complete parameter study and experimental evaluation using data collected on a real network. The results show that the performance of our system is comparable to currently available antiviruses, although antiviruses use signatures to detect known malware while our algorithm solely uses behavior analysis to detect new undocumented attacks.

Original language: English
Title: 2018 International Conference on Military Communications and Information Systems, ICMCIS 2018
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1-8
Number of pages: 8
ISBN (electronic): 9781538645598
DOIs
Publication status: Published - 27 June 2018
Event: 2018 International Conference on Military Communications and Information Systems, ICMCIS 2018 - Warsaw, Poland
Duration: 22 May 2018 to 23 May 2018

Publication series

Name: 2018 International Conference on Military Communications and Information Systems, ICMCIS 2018

Conference

Conference: 2018 International Conference on Military Communications and Information Systems, ICMCIS 2018
Country/Territory: Poland
City: Warsaw
Period: 22/05/18 to 23/05/18
