U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Automatic Recognition of Advanced Persistent Threat Tactics for Enterprise Security

Published

Author(s)

Qingtian Zou, Anoop Singhal, Xiaoyan Sun, Peng Liu

Abstract

Advanced Persistent Threats (APT) has become the concern of many enterprise networks. APT can remain undetected for a long time span and lead to undesirable consequences such as stealing of sensitive data, broken workflow, and so on. To achieve the attack goal, attackers usually leverage specific tactics that utilize a variety of techniques. This paper explores the recognition of APT tactics through synthesized analysis and correlation of data from various sources. We propose a framework for detecting the APT tactics and discuss the application of machine learning techniques in this problem. Our framework can be used by the security analysts for effective detection of APT attacks. The evaluation of our approach shows that it can detect APT tactics with high accuracy and low false positive rate. Therefore, it can be used for tactic-centric APT detection and effective implementation of cyber security response operations.
Proceedings Title
The 10th ACM Conference on Data and Application Security and Privacy
Conference Dates
March 16-18, 2020
Conference Location
New Orleans, LA, US
Conference Title
6th ACM International Workshop on Security and Privacy Analytics 2020
Pub Type
Conferences

Download Paper

https://doi.org/10.1145/3375708.3380314
Local Download

Keywords

Advanced Persistent Threat, Attack Tactics, Machine learning
Information technology and Cybersecurity

Citation

Zou, Q. , Singhal, A. , Sun, X. and Liu, P. (2020), Automatic Recognition of Advanced Persistent Threat Tactics for Enterprise Security, The 10th ACM Conference on Data and Application Security and Privacy, New Orleans, LA, US, [online], https://doi.org/10.1145/3375708.3380314, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=928938 (Accessed November 21, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created March 15, 2020, Updated October 12, 2021