Graph-based APT detection

Thibault Debatty, Wim Mees, Thomas Gilon

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In this paper we propose a new algorithm to detect Advanced Persistent Threats (APTs) that relies on a graph model of HTTP traffic. We also implement a complete detection system with a web interface that allows the data to be analyzed interactively. We perform a complete parameter study and experimental evaluation using data collected on a real network. The results show that the performance of our system is comparable to currently available antiviruses, even though antiviruses use signatures to detect known malware while our algorithm relies solely on behavior analysis to detect new, undocumented attacks.

Original language: English
Title of host publication: 2018 International Conference on Military Communications and Information Systems, ICMCIS 2018
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1-8
Number of pages: 8
ISBN (Electronic): 9781538645598
DOIs
Publication status: Published - 27 Jun 2018
Event: 2018 International Conference on Military Communications and Information Systems, ICMCIS 2018 - Warsaw, Poland
Duration: 22 May 2018 to 23 May 2018

Publication series

Name: 2018 International Conference on Military Communications and Information Systems, ICMCIS 2018

Conference

Conference: 2018 International Conference on Military Communications and Information Systems, ICMCIS 2018
Country/Territory: Poland
City: Warsaw
Period: 22/05/18 to 23/05/18
