Enregistré dans:
Détails bibliographiques
Auteurs principaux: Wang, Yuntao, Liu, Han, Li, Zhendong, Su, Zhou, Li, Jiliang
Format: Preprint
Publié: 2023
Sujets:
Accès en ligne:https://arxiv.org/abs/2309.09498
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866914758843695104
author Wang, Yuntao
Liu, Han
Li, Zhendong
Su, Zhou
Li, Jiliang
author_facet Wang, Yuntao
Liu, Han
Li, Zhendong
Su, Zhou
Li, Jiliang
contents The rise of advanced persistent threats (APTs) has marked a significant cybersecurity challenge, characterized by sophisticated orchestration, stealthy execution, extended persistence, and targeting valuable assets across diverse sectors. Provenance graph-based kernel-level auditing has emerged as a promising approach to enhance visibility and traceability within intricate network environments. However, it still faces challenges including reconstructing complex lateral attack chains, detecting dynamic evasion behaviors, and defending smart adversarial subgraphs. To bridge the research gap, this paper proposes an efficient and robust APT defense scheme leveraging provenance graphs, including a network-level distributed audit model for cost-effective lateral attack reconstruction, a trust-oriented APT evasion behavior detection strategy, and a hidden Markov model based adversarial subgraph defense approach. Through prototype implementation and extensive experiments, we validate the effectiveness of our system. Lastly, crucial open research directions are outlined in this emerging field.
format Preprint
id arxiv_https___arxiv_org_abs_2309_09498
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Combating Advanced Persistent Threats: Challenges and Solutions
Wang, Yuntao
Liu, Han
Li, Zhendong
Su, Zhou
Li, Jiliang
Cryptography and Security
The rise of advanced persistent threats (APTs) has marked a significant cybersecurity challenge, characterized by sophisticated orchestration, stealthy execution, extended persistence, and targeting valuable assets across diverse sectors. Provenance graph-based kernel-level auditing has emerged as a promising approach to enhance visibility and traceability within intricate network environments. However, it still faces challenges including reconstructing complex lateral attack chains, detecting dynamic evasion behaviors, and defending smart adversarial subgraphs. To bridge the research gap, this paper proposes an efficient and robust APT defense scheme leveraging provenance graphs, including a network-level distributed audit model for cost-effective lateral attack reconstruction, a trust-oriented APT evasion behavior detection strategy, and a hidden Markov model based adversarial subgraph defense approach. Through prototype implementation and extensive experiments, we validate the effectiveness of our system. Lastly, crucial open research directions are outlined in this emerging field.
title Combating Advanced Persistent Threats: Challenges and Solutions
topic Cryptography and Security
url https://arxiv.org/abs/2309.09498