Performance evaluation of a fast and efficient intrusion detection framework for advanced persistent threat-based cyberattacks
Computers and Electrical Engineering; 105, 2023.
Article in English | Scopus | ID: covidwho-2244069
ABSTRACT
After the COVID-19 pandemic, cyberattacks are increasing as non-face-to-face environments such as telecommuting and telemedicine proliferate. Cyberattackers exploit vulnerabilities in remote systems and endpoint devices in major enterprises and infrastructures. To counter these attacks, fast detection and response are essential because advanced persistent threat (APT) attacks intelligently infiltrate endpoint devices for long periods and spread to large-scale environments. However, because conventional security systems are signature-based, fast detection of APT attacks is challenging, and it is difficult to respond flexibly to the environment. In this study, we propose an APT fast detection and response technique using open-source tools that improves the efficiency of existing endpoint information protection systems and swiftly detects the APT attack process. Performance test results based on realistic scenarios using the open-source APT attack library and MITRE ATT&CK indicated that fast detection was possible with higher accuracy for the early stages of APT attacks in scenarios where endpoint attack detectors are interworking environments. © 2022 The Authors
Full text: Available
Collection: Databases of international organizations
Database: Scopus
Study type: Experimental study
Language: English
Journal: Computers and Electrical Engineering
Year: 2023
Document type: Article