Performance evaluation of a fast and efficient intrusion detection framework for advanced persistent threat-based cyberattacks
Computers and Electrical Engineering; 105, 2023.
Article in English | Scopus | ID: covidwho-2244069
ABSTRACT
After the COVID-19 pandemic, cyberattacks are increasing as non-face-to-face environments such as telecommuting and telemedicine proliferate. Cyberattackers exploit vulnerabilities in the remote systems and endpoint devices of major enterprises and infrastructures. To counter these attacks, fast detection and response are essential, because advanced persistent threat (APT) attacks intelligently infiltrate endpoint devices over long periods and spread to large-scale environments. However, because conventional security systems are signature-based, fast detection of APT attacks is challenging, and it is difficult to respond flexibly to the environment. In this study, we propose an APT fast detection and response technique using open-source tools that improves the efficiency of existing endpoint information protection systems and swiftly detects the APT attack process. Performance test results based on realistic scenarios using an open-source APT attack library and MITRE ATT&CK indicated that fast detection with higher accuracy was possible for the early stages of APT attacks in scenarios where endpoint attack detectors operate in interworking environments. © 2022 The Authors
Full text: Available
Collection: Databases of international organizations
Database: Scopus
Type of study: Experimental Studies
Language: English
Journal: Computers and Electrical Engineering
Year: 2023
Document Type: Article