Please use this identifier to cite or link to this item:
http://localhost:8080/xmlui/handle/123456789/1253
Title: | Detecting Lateral Movement in a Network for Combating Advanced Persistent Threats |
Authors: | ADELAIYE, Oluwasegun Ajibola, Aminat Musa, Yusuf |
Keywords: | Reconnaissance Zero-day Information security Intrusion detection Malware |
Issue Date: | 2020 |
Publisher: | International Journal of Information Processing and Communication (IJIPC) |
Citation: | 7. Adelaiye, O. I., Ajibola, A. & Yusuf, M. (2020) Detecting Lateral Movement in a Network for Combating Advanced Persistent Threats. International Journal of Information Processing and Communication (IJIPC). 9(1&2), 209-220 |
Series/Report no.: | VOL 9;NO 1&2 |
Abstract: | Cyber security has in recent times been on the headlines and an area of great concern and threat to developed nations. These threats have metamorphosed into more advanced threats including a threat termed Advanced Persistent Threat. Advanced Persistent Threat (APT) is a highly coordinated attack method that exploits existing but unknown vulnerabilities. These adversaries are sophisticated, skilled and are highly determined to gain undetected access over an extended period and steal valuable data. APT poses high threat levels to organizations especially the government organizations. This study identified that 60% of the problem is the inability to detect penetration using traditional mitigation methods. The APT attack operates in phases which include: selecting a target, information gathering, gaining access, exploitation, operation, data discovery and collection, and data exfiltration listed from the first to the seventh phase. The fifth and sixth phase of the process deals with the lateral movement (spread) of malwares after internal reconnaissance is done. This study uses a statistical analysis approach on a dataset containing 939,394 payloads, and identifies patterns key in accurately identifying malicious verses normal data traffic. The attributes that showed a difference were source port and size in bytes. Results show that the ports used for scanning attacks are 90% unassigned ports and dynamic/private ports and, utilize data sizes of almost zero bytes. These patterns that form rules, detect the presence of APT attacks in a network. This approach is in line with CORBIT 5 and ISO no. ISO/IEC 27033-4:2014. |
URI: | http://localhost:8080/xmlui/handle/123456789/1253 |
ISSN: | 2141-3959 |
Appears in Collections: | Research Articles |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
429-8-1368-1-10-20200517.pdf | 783.48 kB | Adobe PDF | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.