Open Access

REVIEW

A Comprehensive Survey on Advanced Persistent Threat (APT) Detection Techniques

Singamaneni Krishnapriya^*, Sukhvinder Singh

Department of Computer Science, School of Engineering and Technology, Pondicherry University, Kalapet, 605014, India

* Corresponding Author: Singamaneni Krishnapriya. Email:

Computers, Materials & Continua 2024, 80(2), 2675-2719. https://doi.org/10.32604/cmc.2024.052447

Received 02 April 2024; Accepted 27 June 2024; Issue published 15 August 2024

Abstract

The increase in number of people using the Internet leads to increased cyberattack opportunities. Advanced Persistent Threats, or APTs, are among the most dangerous targeted cyberattacks. APT attacks utilize various advanced tools and techniques for attacking targets with specific goals. Even countries with advanced technologies, like the US, Russia, the UK, and India, are susceptible to this targeted attack. APT is a sophisticated attack that involves multiple stages and specific strategies. Besides, TTP (Tools, Techniques, and Procedures) involved in the APT attack are commonly new and developed by an attacker to evade the security system. However, APTs are generally implemented in multiple stages. If one of the stages is detected, we may apply a defense mechanism for subsequent stages, leading to the entire APT attack failure. The detection at the early stage of APT and the prediction of the next step in the APT kill chain are ongoing challenges. This survey paper will provide knowledge about APT attacks and their essential steps. This follows the case study of known APT attacks, which will give clear information about the APT attack process—in later sections, highlighting the various detection methods defined by different researchers along with the limitations of the work. Data used in this article comes from the various annual reports published by security experts and blogs and information released by the enterprise networks targeted by the attack.

---

Keywords

---