Open Access iconOpen Access

ARTICLE

crossmark

An Effective Threat Detection Framework for Advanced Persistent Cyberattacks

by So-Eun Jeon1, Sun-Jin Lee1, Eun-Young Lee1, Yeon-Ji Lee2, Jung-Hwa Ryu2, Jung-Hyun Moon2, Sun-Min Yi2, Il-Gu Lee1,2,*

1 Department of Future Convergence Technology Engineering, Sungshin Women’s University, Seoul, 02844, Korea
2 Department of Convergence Security Engineering, Sungshin Women’s University, Seoul, 02844, Korea

* Corresponding Author: Il-Gu Lee. Email: email

Computers, Materials & Continua 2023, 75(2), 4231-4253. https://doi.org/10.32604/cmc.2023.034287

Abstract

Recently, with the normalization of non-face-to-face online environments in response to the COVID-19 pandemic, the possibility of cyberattacks through endpoints has increased. Numerous endpoint devices are managed meticulously to prevent cyberattacks and ensure timely responses to potential security threats. In particular, because telecommuting, telemedicine, and tele-education are implemented in uncontrolled environments, attackers typically target vulnerable endpoints to acquire administrator rights or steal authentication information, and reports of endpoint attacks have been increasing considerably. Advanced persistent threats (APTs) using various novel variant malicious codes are a form of a sophisticated attack. However, conventional commercial antivirus and anti-malware systems that use signature-based attack detection methods cannot satisfactorily respond to such attacks. In this paper, we propose a method that expands the detection coverage in APT attack environments. In this model, an open-source threat detector and log collector are used synergistically to improve threat detection performance. Extending the scope of attack log collection through interworking between highly accessible open-source tools can efficiently increase the detection coverage of tactics and techniques used to deal with APT attacks, as defined by MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). We implemented an attack environment using an APT attack scenario emulator called Carbanak and analyzed the detection coverage of Google Rapid Response (GRR), an open-source threat detection tool, and Graylog, an open-source log collector. The proposed method expanded the detection coverage against MITRE ATT&CK by approximately 11% compared with that conventional methods.

Keywords


Cite This Article

APA Style
Jeon, S., Lee, S., Lee, E., Lee, Y., Ryu, J. et al. (2023). An effective threat detection framework for advanced persistent cyberattacks. Computers, Materials & Continua, 75(2), 4231-4253. https://doi.org/10.32604/cmc.2023.034287
Vancouver Style
Jeon S, Lee S, Lee E, Lee Y, Ryu J, Moon J, et al. An effective threat detection framework for advanced persistent cyberattacks. Comput Mater Contin. 2023;75(2):4231-4253 https://doi.org/10.32604/cmc.2023.034287
IEEE Style
S. Jeon et al., “An Effective Threat Detection Framework for Advanced Persistent Cyberattacks,” Comput. Mater. Contin., vol. 75, no. 2, pp. 4231-4253, 2023. https://doi.org/10.32604/cmc.2023.034287



cc Copyright © 2023 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 1273

    View

  • 711

    Download

  • 0

    Like

Share Link