Graph-based APT detection

Thibault Debatty, Wim Mees, Thomas Gilon

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer reviewed

Abstract

In this paper we propose a new algorithm to detect Advanced Persistent Threats (APTs) that relies on a graph model of HTTP traffic. We also implement a complete detection system with a web interface that allows the data to be analyzed interactively. We perform a complete parameter study and an experimental evaluation using data collected on a real network. The results show that the performance of our system is comparable to that of currently available antivirus products, even though antivirus products rely on signatures to detect known malware, whereas our algorithm relies solely on behavior analysis and can therefore detect new, undocumented attacks.
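The abstract states only the approach (a graph model of HTTP traffic scored by behavior rather than signatures), not the algorithm itself. The following Python is an added illustration of that idea and is not code from the paper or its authors: it parses a few constructed proxy log lines, builds a bipartite client-to-host graph whose edges carry request timestamps, and scores each destination on behavior alone (how many clients reach it, how regular the request timing on its edges is, and whether requests carry a Referer). The log format, the chosen features and the thresholds are all assumptions made for the example.

```python
"""Toy graph model of HTTP proxy traffic with a behavioural score per destination.

Added illustration, not the paper's algorithm: the abstract only says that
detection relies on a graph model of HTTP traffic and on behaviour rather
than signatures. Log format, features and thresholds here are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample proxy log: epoch seconds, client, host, path, referer ("-" = none).
# Three hosts browse a site normally; one host polls an unknown domain every 300 s.
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.org /index.html -
1001 10.0.0.5 www.example.org /style.css http://www.example.org/index.html
1002 10.0.0.5 cdn.example.org /logo.png http://www.example.org/index.html
1003 10.0.0.6 www.example.org /index.html -
1004 10.0.0.6 cdn.example.org /logo.png http://www.example.org/index.html
1060 10.0.0.7 www.example.org /news -
1000 10.0.0.9 upd-check.invalid /ping -
1300 10.0.0.9 upd-check.invalid /ping -
1600 10.0.0.9 upd-check.invalid /ping -
1900 10.0.0.9 upd-check.invalid /ping -
2200 10.0.0.9 upd-check.invalid /ping -
"""


def parse_log(text):
    """Yield (ts, client, host, path, referer) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path, referer = line.split(None, 4)
        yield int(ts), client, host, path, referer


def build_graph(records):
    """Bipartite graph: edge (client, host) -> sorted list of (timestamp, has_referer)."""
    edges = defaultdict(list)
    for ts, client, host, _path, referer in records:
        edges[(client, host)].append((ts, referer != "-"))
    for key in edges:
        edges[key].sort()
    return edges


def edge_features(requests):
    """Periodicity (coefficient of variation of request gaps) and share of requests with a Referer."""
    times = [ts for ts, _ in requests]
    with_ref = sum(1 for _, has_ref in requests if has_ref) / len(requests)
    if len(times) < 3:
        return None, with_ref  # too few requests to judge periodicity
    gaps = [b - a for a, b in zip(times, times[1:])]
    mu = mean(gaps)
    cv = pstdev(gaps) / mu if mu else 0.0
    return cv, with_ref


def score_hosts(edges):
    """Aggregate per host: distinct clients, most regular client edge, mean Referer share."""
    per_host = defaultdict(list)
    for (client, host), reqs in edges.items():
        cv, ref_share = edge_features(reqs)
        per_host[host].append((client, cv, ref_share))
    scores = {}
    for host, rows in per_host.items():
        cvs = [cv for _, cv, _ in rows if cv is not None]
        scores[host] = {
            "clients": len({c for c, _, _ in rows}),
            "min_cv": min(cvs) if cvs else None,
            "referer_share": mean([r for _, _, r in rows]),
        }
    return scores


def suspicious_hosts(scores, max_clients=2, max_cv=0.2, max_ref=0.1):
    """Hosts reached by few clients, with near-constant request gaps and no Referer (assumed thresholds)."""
    return sorted(
        host for host, s in scores.items()
        if s["clients"] <= max_clients
        and s["min_cv"] is not None and s["min_cv"] <= max_cv
        and s["referer_share"] <= max_ref
    )


if __name__ == "__main__":
    graph = build_graph(parse_log(SAMPLE_LOG))
    scores = score_hosts(graph)
    for host, feats in sorted(scores.items()):
        print(host, feats)
    print("suspicious:", suspicious_hosts(scores))
```

Nothing in this toy looks at payloads or signatures: the only inputs are who talks to whom, when, and whether a request was reached from a page. A real system would add many more edge and node features, a threshold study like the one the abstract mentions, and whitelisting of popular destinations, but the graph-plus-behaviour shape is the point.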

Original language: English
Title: 2018 International Conference on Military Communications and Information Systems, ICMCIS 2018
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1-8
Number of pages: 8
Electronic ISBN: 9781538645598
Status: Published - 27 Jun 2018
Event: 2018 International Conference on Military Communications and Information Systems, ICMCIS 2018 - Warsaw, Poland
Duration: 22 May 2018 to 23 May 2018

Publication series

Name: 2018 International Conference on Military Communications and Information Systems, ICMCIS 2018

Conference

Conference: 2018 International Conference on Military Communications and Information Systems, ICMCIS 2018
Country/Region: Poland
City: Warsaw
Period: 22/05/18 to 23/05/18

Keywords

  • RMA-CISS-RUCD
