مشخصات مقاله:
عنوان فارسی مقاله:
یک رویکرد همبستگی معنایی برای شناسایی APT های ترکیبی و سطح پایین
عنوان انگلیسی مقاله:
A semantic-based correlation approach for detecting hybrid and low-level APTs
کلمات کلیدی مقاله:
تهدید مستمر پیشرفته، حمله سطح پایین، هستی شناسی، همبستگی معنایی، تروجان
مناسب برای رشته های دانشگاهی زیر:
مهندسی کامپیوتر – مهندسی فناوری اطلاعات
مناسب برای گرایش های دانشگاهی زیر:
الگوریتم و محاسبات – مهندسی نرم افزار – اینترنت و شبکه های گسترده – شبکه های کامپیوتری
وضعیت مقاله انگلیسی و ترجمه:
مقاله انگلیسی را میتوانید به صورت رایگان با فرمت PDF با کلیک بر روی دکمه آبی، دانلود نمایید. برای ثبت سفارش ترجمه نیز روی دکلمه قرمز رنگ کلیک نمایید. سفارش ترجمه نیازمند زمان بوده و ترجمه این مقاله آماده نمیباشد و پس از اتمام ترجمه، فایل ورد تایپ شده قابل دانلود خواهد بود.
فهرست مطالب:
Outline
Highlights
Abstract
Keywords
۱٫ Introduction
۲٫ Related work
۳٫ Preliminaries
۴٫ Problem statement
۵٫ Proposed approach
۶٫ Evaluation
۷٫ Conclusion
Appendix A. Syntax and semantics of description logic
Appendix B. List of the symbols used in the paper
References
قسمتی از مقاله انگلیسی:
Abstract
Sophisticated and targeted malwares, which today are known as Advanced Persistent Threats (APTs), use multi-step, distributed, hybrid and low-level patterns to leak and exfiltrate information, manipulate data, or prevent progression of a program or mission. Since current intrusion detection systems (IDSs) and alert correlation systems do not correlate low-level operating system events with network events and use alert correlation instead of event correlation, the intruders use low and hybrid events in order to distribute the attack vector, hide malwares behaviors, and therefore make detection difficult for such detection systems. In this paper, a new approach for detecting hybrid and low-level attacks, which are prevalent in APTs, is proposed. The proposed approach uses low-level interception and correlates operating system events with network events based on the semantic relationships that are defined between the entities in system ontology. In this scheme, malicious events, especially the events implicitly violate the security policies, are deduced and detected based on the event relations and defined security policies. Also, the proposed approach can track information flows between the existing subjects using a memory transition/manipulation model to reconstruct distributed attack vectors. Evaluation of the proposed approach on a computer network which contains many APTs scenarios shows the effectiveness of our detection approach.
1. Introduction
Since the term “Computer Virus” was coined by Frederick B. Cohen [1, 2] in 1981, the behavior and structure of malwares have become more sophisticated. It has resulted in the creation of persistent, multi-step and polymorphic malwares [3, 4]. Todays, malwares use distributed methods in order to hide their own behaviors and avoid to be detected by network intrusion detection and alert correlation systems. This distribution can be found in all parts of an attack vector such as function calls, types of events, attack steps, and subjects [5, 6].