Analysis of high volumes of network traffic for Advanced Persistent Threat detection
- Submitting institution
- King's College London
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 126663704
- Type
- D - Journal article
- DOI
- 10.1016/j.comnet.2016.05.018
- Title of journal
- COMPUTER NETWORKS
- Article number
- -
- First page
- 127
- Volume
- 109
- Issue
- -
- ISSN
- 1389-1286
- Open access status
- Deposit exception
- Month of publication
- June
- Year of publication
- 2016
- URL
- -
- Supplementary information
- -
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 3
- Research group(s)
- -
- Citation count
- 48
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- This paper proposes the first algorithm for prioritizing data-theft activities in APT (Advanced Persistent Threat) settings. The approach also works in the presence of encryption and evasive adversaries, since it builds a temporal behavioural model of each internal host rather than relying on payload content. Its most innovative contribution is the formal definition of a restrictive threat model, which has inspired many follow-up works, for example influencing the threat models for logic-based deception [Jajodia et al., IEEE-TIFS-2017], APT detection [Yang et al., IEEE-TIFS-2019] and adversarial attacks on botnet traffic [Apruzzese et al., IEEE-TETCI-2020]. The proposed approach has also been used as the data-theft baseline in [Powell, ACM-TOPS-2019].
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -