A Framework of APT Detection Based on Packets Analysis and Host Destination

Authors

  • Khalid Abdulrazzaq Abdulnabi Alminshid General Directorate of Education in Thi-Qar province, Ministry of Education, Iraq, Thi-Qar, Iraq
  • Mohd Nizam Omar School of Computing, InterNetWorks Research Laboratory, Universiti Utara Malaysia, Kedah, Malaysia

DOI:

https://doi.org/10.24996/ijs.2020.61.1.24

Keywords:

detection, APT, Advanced Persistent Threats, traffic, intrusion

Abstract

So far, APT (Advanced Persistent Threats) is a constant concern for information security. Despite that, many approaches have been used in order to detect APT attacks, such as change controlling, sandboxing and network traffic analysis. However, success of 100% couldn’t be achieved. Current studies have illustrated that APTs adopt many complex techniques to evade all detection types. This paper describes and analyzes APT problems by analyzing the most common techniques, tools and pathways used by attackers. In addition, it highlights the weaknesses and strengths of the existing security solutions that have been used since the threat was identified in 2006 until 2019. Furthermore, this research proposes a new framework that can be used to repel this threat based on APT activity with network traffic through packets analysis and host destination.

Downloads

Download data is not yet available.

Downloads

Published

2020-01-27

Issue

Section

Computer Science

How to Cite

A Framework of APT Detection Based on Packets Analysis and Host Destination. (2020). Iraqi Journal of Science, 61(1), 215-223. https://doi.org/10.24996/ijs.2020.61.1.24

Similar Articles

1-10 of 497

You may also start an advanced similarity search for this article.