Mitigating Advanced Persistent Threats: A Comparative Evaluation Review

Abstract

Cyber threats have been an issue of great concern since the advent of the information (computer and internet) age. But of greater concern is the most recent class of threats, known as Advanced Persistent Threats (APTs). It has drawn increasing attention all over the world, from researchers, and the industrial security sector. APTs are sophisticated cyber-attacks executed by sophisticated and well-resourced adversaries targeting specific information in companies and government. APT is a long- term campaign involving different steps. This form of attack if successful has significant implications to countries and large organizations, which may be from financial to reputational damage. This work presents a comprehensive study on APT, characterizing its uniqueness and attack model, and analyzing techniques commonly seen in APT attacks. On evaluating mitigation effects proposed and developed by researches, the use of a multiple mitigation methods shows good signs in detecting and preventing APT. Anomaly detection and dynamic analysis show high accuracy levels in detecting APT. This work also highlights and recommends security tips as well as methods of implementing countermeasures that can help to mitigate APTs, thereby giving directions for future research