A DATA DRIVEN ANOMALY BASED BEHAVIOR DETECTION METHOD FOR ADVANCED PERSISTENT THREATS (APT)



ABSTRACT


Advanced Persistent Threats (APTs) represent sophisticated and enduring network intrusion campaigns that target sensitive information held by specific organizations and operate over a long period. Such threats are much harder to detect using signature-based methods. Anomaly-based methods monitor system activity to determine whether an observed activity is normal or abnormal, according to heuristic or statistical analysis, and can therefore be used to detect unknown attacks. Despite significant research efforts, these techniques still suffer from a high number of false positive detections. Detecting APTs is complex because they tend to follow a “low and slow” attack profile that is very difficult to distinguish from normal, legitimate activity, and the volume of data that must be analyzed is overwhelming. Big data analytics is one technology that holds promise for detecting this kind of nearly invisible attack. In this work, I propose a data-driven, anomaly-based behavior detection method that leverages big data methods and is capable of processing significant amounts of data from several diverse data sources. Big data analytics will significantly enhance detection capabilities, enabling the detection of APT activities that pass under the radar of traditional security solutions.


TABLE OF CONTENTS

ABSTRACT
LIST OF ABBREVIATIONS
LIST OF FIGURES AND TABLES

CHAPTER ONE
INTRODUCTION
1.1. Background of the study
1.2. Objective of the research
1.3. Research statement
1.4. Structure of the work

CHAPTER TWO
LITERATURE REVIEW
2.1. What is an Advanced Persistent Threat?
2.2. Tools and Methods used by the attackers
2.3. Traditional Security solutions
2.4. APT Life Cycle
2.5. Model of operation of APT malware
2.6. Command & Control Channels (C&C)
2.7. Research Direction
2.8. Related work

CHAPTER THREE
METHODOLOGY
3.1. Big data and Big data analytics
3.2. Methodology
3.2.1. What is Anomaly Detection?
3.2.2. The Components of a Data-driven Anomaly-based Behavior Detection method for Advanced Persistent Threats (APT)

CHAPTER FOUR
IMPLEMENTATION AND EVALUATION
4.1. Big Data Analytics (Machine learning) based on network traces with full payloads
4.2. Big Data Analytics (Machine Learning) based on HTTP traffic
4.3. Environment for the Implementation
4.4. Implementation Stages
4.4.1. Data Collection
4.4.2. Data Preprocessing
4.4.3. Model Creation via classification
4.4.4. Model Selection
4.4.5. Model Prediction and Evaluation

CHAPTER FIVE
CONCLUSIONS
5.1. Summary
5.2. Challenges
5.3. Future Work
REFERENCES


CHAPTER ONE

INTRODUCTION


1.1 Background of the study

With the rapid development of computer networks, new and sophisticated types of attacks have emerged which require novel and more sophisticated defense mechanisms. Advanced Persistent Threats (APTs) are among the fastest-growing cyber security threats that organizations face today [12]. They are carried out by knowledgeable, highly skilled and well-funded hackers targeting sensitive information from specific organizations. The objective of an APT attack is to steal sensitive data from the targeted organization, to gain access to sensitive customer data, or to access strategic or important business information that could be used for financial gain, blackmail, embarrassment, data poisoning, “illegal insider trading or disrupting an organization’s business” [30]. APT attackers target organizations in sectors with high-value information, such as national defense or the military, manufacturing, and the financial industry.

The technologies and methods employed in APT attacks are stealthy and difficult to detect; for instance, they can employ “social engineering which involves tricking people into breaking normal security procedures” [13]. In addition, APT intruders constantly change and refine their methods, including the use of insiders (those within the organization) who abuse legitimate access rights to manipulate and steal data.


Once the targeted network has been compromised, the intruder installs APT malware on the victim’s system. The attacker is then able to monitor and control the spread of the malware and to remotely control the infected systems. This opens a channel through which sensitive information is stolen from the victim’s system without the owner’s knowledge, over a long period of time, unless the malicious activity is detected. After the information of interest has been found, the attacker issues a command to exfiltrate it, usually through a channel separate from the Command and Control (C&C) channel. To maintain access to the network, the attacker continuously rewrites the malware’s code and employs sophisticated evasion methods. The frequency of such attacks and breaches highlights the fact that even the best Information Technology (IT) network perimeter defenses and traditional security solutions, including proxies, firewalls, VPNs, antivirus, and anti-malware tools, are unable to prevent the intrusions [Craig Richardson (http://data-informed.com/use-data-analytics-combat-advanced-persistent-threats)]. The Verizon data breach investigation report [14] confirmed that, in 86% of the cases, evidence of the data breach was recorded in the organization’s logs, but the traditional security solutions failed to raise security alarms. This signals a need for other forms of security solutions, in addition to the existing ones, that would be better able to detect the activities of APTs. Detecting APTs is complex because they tend to follow a low and slow attack profile that is very difficult to differentiate from normal, legitimate activity. Thus, detection of this kind of attack relies heavily on heuristics or human inspection...


This is a postgraduate thesis; the complete research material, questionnaire and references are not reproduced here.