Please use this identifier to cite or link to this item: http://localhost:8080/xmlui/handle/123456789/1108
Full metadata record
DC Field | Value | Language
dc.contributor.author | Musa, Yusuf |
dc.date.accessioned | 2024-05-16T08:05:20Z |
dc.date.available | 2024-05-16T08:05:20Z |
dc.date.issued | 2020-05 |
dc.identifier.citation | Adelaiye, O. I., Ajibola, A., & Yusuf, M. Detecting Lateral Movement in a Network for Combating Advanced Persistent Threats. | en_US
dc.identifier.issn | 2141-3959 |
dc.identifier.uri | http://localhost:8080/xmlui/handle/123456789/1108 |
dc.description.abstract | Cyber security has in recent times been in the headlines and is an area of great concern and threat to developed nations. These threats have metamorphosed into more advanced threats, including one termed Advanced Persistent Threat. An Advanced Persistent Threat (APT) is a highly coordinated attack method that exploits existing but unknown vulnerabilities. These adversaries are sophisticated, skilled and highly determined to gain undetected access over an extended period and steal valuable data. APTs pose high threat levels to organizations, especially government organizations. This study identified that 60% of the problem is the inability to detect penetration using traditional mitigation methods. An APT attack operates in phases: selecting a target, information gathering, gaining access, exploitation, operation, data discovery and collection, and data exfiltration, listed from the first to the seventh phase. The fifth and sixth phases deal with the lateral movement (spread) of malware after internal reconnaissance is done. This study uses a statistical analysis approach on a dataset containing 939,394 payloads and identifies patterns that are key to accurately distinguishing malicious from normal data traffic. The attributes that showed a difference were source port and size in bytes. Results show that 90% of the ports used for scanning attacks are unassigned ports and dynamic/private ports, and that the probes carry payloads of almost zero bytes. These patterns form rules that detect the presence of APT attacks in a network. This approach is in line with COBIT 5 and ISO/IEC 27033-4:2014. | en_US
dc.description.sponsorship | Bingham University | en_US
dc.language.iso | en | en_US
dc.publisher | International Journal of Information Processing and Communication (IJIPC) | en_US
dc.subject | Reconnaissance, Zero-day, Information security, Intrusion detection, Malware | en_US
dc.title | Detecting Lateral Movement in a Network for Combating Advanced Persistent Threats | en_US
dc.type | Article | en_US
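The abstract reduces the detection rule to two attributes, source port class and payload size in bytes. The script below is an added example, not the paper's code, showing that rule run over constructed traffic records. Port ranges follow RFC 6335 (well-known 0-1023, registered 1024-49151, dynamic/private 49152-65535); the small set of "assigned" registered ports, the thresholds and every sample record are assumptions made for illustration. The per-source aggregation in scanning_sources() goes beyond the abstract's per-packet rule: an empty packet from an ephemeral source port is what any TCP SYN looks like, so a source is only reported once its rule hits spread across many distinct destination ports, which is the shape of a port sweep.

```python
"""Rule-based flagging of scan-like traffic from source port class and
payload size, the two attributes the abstract singles out.

Added example, not the paper's code. The assigned-port set and all sample
records are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# RFC 6335 / IANA port ranges.
WELL_KNOWN_MAX = 1023     # 0-1023
DYNAMIC_MIN = 49152       # 49152-65535 (dynamic/private); 1024-49151 is "registered"

# Assumption: a tiny stand-in for the IANA service-name-and-port registry. A real
# deployment would load the registry so that "unassigned" means exactly that.
ASSIGNED_REGISTERED_PORTS = {1433, 1521, 3306, 3389, 5432, 8080, 8443}


@dataclass(frozen=True)
class Record:
    """One observed packet or flow, reduced to the fields the rule needs."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload_bytes: int


def port_class(port: int) -> str:
    """Classify a port as well-known, registered-assigned, registered-unassigned
    or dynamic/private."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port >= DYNAMIC_MIN:
        return "dynamic/private"
    if port in ASSIGNED_REGISTERED_PORTS:
        return "registered-assigned"
    return "registered-unassigned"


def matches_scan_rule(rec: Record, max_payload_bytes: int = 0) -> bool:
    """Per-record rule from the abstract: the source port is unassigned or
    dynamic/private AND the payload is (almost) empty."""
    scan_port = port_class(rec.src_port) in ("dynamic/private", "registered-unassigned")
    return scan_port and rec.payload_bytes <= max_payload_bytes


def scanning_sources(records: Iterable[Record], min_distinct_targets: int = 5,
                     max_payload_bytes: int = 0) -> Dict[str, int]:
    """Aggregate rule hits per source host (an addition beyond the abstract).
    Returns {src_ip: number of distinct (dst_ip, dst_port) targets} for sources
    whose empty probes reach at least min_distinct_targets targets."""
    targets: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    for rec in records:
        if matches_scan_rule(rec, max_payload_bytes):
            targets[rec.src_ip].add((rec.dst_ip, rec.dst_port))
    return {ip: len(t) for ip, t in targets.items() if len(t) >= min_distinct_targets}


# Constructed sample traffic (not from the paper's dataset).
SAMPLE_RECORDS: List[Record] = [
    # 10.0.0.5 sweeps seven ports on 10.0.0.20 with empty probes from one ephemeral port.
    *[Record("10.0.0.5", 51234, "10.0.0.20", p, 0) for p in (22, 80, 135, 139, 445, 3389, 8080)],
    # 10.0.0.7: ordinary HTTPS request; ephemeral source port but a real payload.
    Record("10.0.0.7", 52000, "10.0.0.20", 443, 1200),
    # 10.0.0.8: one empty packet (a lone SYN); matches the rule but is not a sweep.
    Record("10.0.0.8", 50000, "10.0.0.20", 443, 0),
    # 10.0.0.53: DNS reply from a well-known source port; outside the rule.
    Record("10.0.0.53", 53, "10.0.0.7", 60001, 0),
]


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(f"{rec.src_ip}:{rec.src_port} -> {rec.dst_ip}:{rec.dst_port} "
              f"{rec.payload_bytes}B {port_class(rec.src_port)} rule={matches_scan_rule(rec)}")
    print("scanning sources:", scanning_sources(SAMPLE_RECORDS))
```

On the sample records only 10.0.0.5 is reported; 10.0.0.8 matches the per-packet rule once but never reaches the target threshold, which is the noise the aggregation exists to suppress. In a real deployment the thresholds would be tuned against the site's own baseline, since ephemeral source ports are normal for every client.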
Appears in Collections: Research Articles

Files in This Item:
File | Description | Size | Format
Detecting Lateral Movement in a Network for Combating Advanced.pdf | | 822.44 kB | Adobe PDF