Ontology-based Advanced Persistent Attacks Detection, Ph.D. Dissertation Sharif University of Technology ; Amini, Morteza (Supervisor)
Abstract
Advanced Persistent Threats (APTs), use hybrid, slow, and low-level patterns to leak and exfiltrate information, manipulate data, or prevent progression of a program or mission. Since current intrusion detection systems (IDSs) and alert correlation systems do not correlate low-level operating system events with network events and use alert correlation instead of event correlation, the intruders use low and hybrid events in order to make detection difficult for such detection systems. In addition, these attacks use low and slow patterns to bypass intrusion detection and alert correlation systems. Since most of the attack detection approaches use a short time-window, the slow APTs abuse this...
Cataloging briefOntology-based Advanced Persistent Attacks Detection, Ph.D. Dissertation Sharif University of Technology ; Amini, Morteza (Supervisor)
Abstract
Advanced Persistent Threats (APTs), use hybrid, slow, and low-level patterns to leak and exfiltrate information, manipulate data, or prevent progression of a program or mission. Since current intrusion detection systems (IDSs) and alert correlation systems do not correlate low-level operating system events with network events and use alert correlation instead of event correlation, the intruders use low and hybrid events in order to make detection difficult for such detection systems. In addition, these attacks use low and slow patterns to bypass intrusion detection and alert correlation systems. Since most of the attack detection approaches use a short time-window, the slow APTs abuse this...
Find in contentBookmark
|
|