BHU Digital Repository

Detecting Lateral Movement in a Network for Combating Advanced Persistent Threats


dc.contributor.author Musa, Yusuf
dc.date.accessioned 2024-05-16T08:05:20Z
dc.date.available 2024-05-16T08:05:20Z
dc.date.issued 2020-05
dc.identifier.citation Adelaiye, O. I., Ajibola, A., & Yusuf, M. Detecting Lateral Movement in a Network for Combating Advanced Persistent Threats. en_US
dc.identifier.issn 2141-3959
dc.identifier.uri http://localhost:8080/xmlui/handle/123456789/1108
dc.description.abstract Cyber security has in recent times been in the headlines and is an area of great concern and threat to developed nations. These threats have evolved into more advanced forms, including one termed the Advanced Persistent Threat. An Advanced Persistent Threat (APT) is a highly coordinated attack method that exploits existing but unknown vulnerabilities. These adversaries are sophisticated, skilled and highly determined to gain undetected access over an extended period and steal valuable data. APTs pose high threat levels to organizations, especially government organizations. This study identified that 60% of the problem is the inability to detect penetration using traditional mitigation methods. The APT attack operates in phases which include: selecting a target, information gathering, gaining access, exploitation, operation, data discovery and collection, and data exfiltration, listed from the first to the seventh phase. The fifth and sixth phases of the process deal with the lateral movement (spread) of malware after internal reconnaissance is done. This study uses a statistical analysis approach on a dataset containing 939,394 payloads, and identifies patterns key to accurately distinguishing malicious from normal data traffic. The attributes that showed a difference were source port and size in bytes. Results show that 90% of the ports used for scanning attacks are unassigned ports and dynamic/private ports, and that these scans use data sizes of almost zero bytes. These patterns, formulated as rules, detect the presence of APT attacks in a network. This approach is in line with COBIT 5 and ISO/IEC 27033-4:2014. en_US
dc.description.sponsorship Bingham University en_US
dc.language.iso en en_US
dc.publisher International Journal of Information Processing and Communication (IJIPC) en_US
dc.subject Reconnaissance, Zero-day, Information security, Intrusion detection, Malware en_US
dc.title Detecting Lateral Movement in a Network for Combating Advanced Persistent Threats en_US
dc.type Article en_US

