Modeling Attack Process of Advanced Persistent Threat Using Network Evolution
Weina NIU, Xiaosong ZHANG, Guowu YANG, Ruidong CHEN, Dong WANG
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2017/10/01
Online ISSN: 1745-1361
Type of Manuscript: Special Section PAPER (Special Section on Security, Privacy and Anonymity in Computation, Communication and Storage Systems)
Category: Operating system and network Security
Keywords: attack process modeling, APT, TCAN, complex network theory
Advanced Persistent Threat (APT) is one of the most serious network attacks in cyberspace, owing to its sophisticated techniques and deep concealment. Modeling the APT attack process can facilitate APT analysis, detection, and prediction. However, current techniques focus on modeling known attacks, and they neither reflect APT attacks dynamically nor take human factors into consideration. To overcome this limitation, we propose a Targeted Complex Attack Network (TCAN) model for the APT attack process based on dynamic attack graphs and network evolution. Compared with current models, our model addresses human factors by constructing a two-layer network structure. We also present a stochastic model based on state changes in the target network to specify the nodes involved in the course of an APT. In addition, our model uses the time domain to expand the traditional attack graph into a dynamic attack network. The model is flexible, which is proven by changing the related parameters. We further propose dynamic evolution rules based on complex network theory and the characteristics of actual attack scenarios. Finally, we elaborate a procedure for adding nodes by a matrix operation. The simulation results show that our model can model the attack process effectively.