• Title/Summary/Keyword: APT Traffic Analysis

A Novel Framework for APT Attack Detection Based on Network Traffic

  • Vu Ngoc Son
    • International Journal of Computer Science & Network Security / v.24 no.1 / pp.52-60 / 2024
  • APT (Advanced Persistent Threat) attacks are a dangerous, targeted attack form with clear objectives. APT attack campaigns have huge consequences. Therefore, the problem of researching and developing APT attack detection solutions is very urgent and necessary nowadays. On the other hand, no matter how advanced an APT attack is, it has clear processes and lifecycles. Taking advantage of this point, security experts recommend developing APT attack detection solutions for each of these lifecycle stages and processes. In APT attacks, hackers often use phishing techniques to perform attacks and steal data. If this attack and phishing phase is detected, the entire APT attack campaign will collapse. Therefore, it is necessary to research and deploy technology and solutions that can detect the APT attack early, when it is in the stages of attacking and stealing data. This paper proposes an APT attack detection framework based on the network traffic analysis technique using open-source tools and deep learning models. This research focuses on analyzing network traffic into different components, then finds ways to extract abnormal behaviors from those components, and finally uses deep learning algorithms to classify network traffic based on the extracted abnormal behaviors. The abnormal behavior analysis process is presented in detail in section III.A of the paper. The APT attack detection method based on network traffic is presented in section III.B of this paper. Finally, the experimental process of the proposal is performed in section IV of the paper.

Design for Zombie PCs and APT Attack Detection based on traffic analysis (트래픽 분석을 통한 악성코드 감염PC 및 APT 공격탐지 방안)

  • Son, Kyungho;Lee, Taijin;Won, Dongho
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.3 / pp.491-498 / 2014
  • Recently, cyber terror based on advanced persistent threats (APT) has occurred frequently, and it is very difficult to detect these attacks because of new malware that cannot be detected by anti-virus software. This paper proposes and verifies algorithms to detect advanced persistent threats in advance through real-time network monitoring and combinatorial analysis of big data logs. In the future, APT attacks can be detected more easily by enhancing these algorithms and adopting a big data platform.

Tracking the Source of Cascading Cyber Attack Traffic Using Network Traffic Analysis (네트워크 트래픽 분석을 이용한 연쇄적 사이버공격 트래픽의 발생원 추적 방법)

  • Goo, Young-Hoon;Choi, Sun-Oh;Lee, Su-Kang;Kim, Sung-Min;Kim, Myung-Sup
    • The Journal of Korean Institute of Communications and Information Sciences / v.41 no.12 / pp.1771-1779 / 2016
  • These days, the world is connected to the internet like a sophisticated net; such an environment is suitable for cyber attackers, so-called cyber-terrorists. As a result, the number of cyber attacks has significantly increased, and research to find cyber attack traffic in the field of network monitoring has also been proceeding. But cyber attack traffic appears in new forms in every attack, making it harder to monitor. This paper suggests a method of tracking down cyber attack traffic sources by defining the relational information flow of traffic data from the highest cascaded and grouped relational flow. The result of applying this cyber attack source tracking method to real cyber attack traffic was found to be reliable, with quality results.

Network Intrusion Detection Using One-Class Models (단일 클래스 모델을 활용한 네트워크 침입 탐지)

  • Byeongjun Min;Daekyeong Park
    • Convergence Security Journal / v.24 no.3 / pp.13-21 / 2024
  • Recently, with the rapid expansion of networks driven by the advancements of the Fourth Industrial Revolution, cybersecurity threats are becoming increasingly severe. Traditional signature-based Network Intrusion Detection Systems (NIDS) are effective in detecting known attacks but show limitations when faced with new threats such as Advanced Persistent Threats (APT). Additionally, deep learning models based on supervised learning can lead to biased decision boundaries due to the imbalanced nature of network traffic data, where normal traffic vastly outnumbers malicious traffic. To address these challenges, this paper proposes a network intrusion detection method based on one-class models that learn only from normal data to identify abnormal traffic. The effectiveness of this approach is validated through experiments using the Deep SVDD and MemAE models on the NSL-KDD dataset. Comparative analysis with supervised learning models demonstrates that the proposed method offers superior adaptability and performance in real-world scenarios.

Validation of Permanent Deformation Model for Flexible Pavement using Accelerated Pavement Testing (포장가속시험을 이용한 소성변형예측 모델의 검증)

  • Choi, Jeong Hoon;Seo, Youngguk;Suh, Young Chan
    • KSCE Journal of Civil and Environmental Engineering Research / v.29 no.4D / pp.491-497 / 2009
  • This paper presents the results of accelerated pavement tests (APT) that simulate permanent deformation (rutting) of asphalt concrete pavements under different temperatures and loading courses. Also, finite element (FE) analysis has been conducted to predict the test results. The test section for APT is the same as one of the test sections at the Korea Expressway Corporation test road and is subjected to a constant moving dual-tire wheel load of the APT at three different temperatures: 30, 40, and $50^{\circ}C$. The moving wheel is applied at different loading courses within a 75 cm wide wheel path to account for traffic wandering. Also, the effect of wandering on permanent deformation development is investigated numerically with three wandering schemes. In this study, ABAQUS is adopted to model the APT pavement section with plane strain elements, a creep strain rate model is used to take into account the viscoplastic strain of asphalt concrete mixtures, and elastic layer properties are back-calculated from FWD measurements. In addition, the effect of boundary conditions and subgrade on FE permanent deformation predictions is investigated. A full FE model that accounted for the subgrade provided more realistic rut depth predictions, indicating that the subgrade has contributed to surface rutting.

User Requirements Analysis for Traffic Information Service in Advanced Public Transportation Systems (APTS의 교통정보 제공을 위한 사용자 요구사항 분석)

  • IM Seung-Yong;Choe Deok-Won
    • Proceedings of the Society of Korea Industrial and System Engineering Conference / 2002.05a / pp.497-505 / 2002
  • This paper is a report on the user requirements analysis based on the survey performed during February and March 2002. The survey constitutes the preliminary stage of our research on the design of an advanced public transportation system (APTS) in ITS service. A random sample of 60 responses was selected from the total of 300 replies that were received for our statistical analysis. We were able to identify what kind of information content is mostly required by public transportation users. Some useful guidelines as to how to design the APTS are provided as the conclusion.

Development Status of Korea Accelerated Loading and Environment Simulator (KALES) (한국형 포장가속시험시설의 개발현황)

  • Yang, Seong-Cheol;Yu, Tae-Seok;Eom, Ju-Yong
    • International Journal of Highway Engineering / v.2 no.2 / pp.139-148 / 2000
  • Currently existing Accelerated Pavement Testing (APT) systems developed in several countries have been employed mainly to test the performance of asphalt pavement. Meanwhile, the length of concrete pavement is similar to that of asphalt pavement in the expressways of Korea, and is expected to increase due to its durability and compatibility with our weather conditions. To meet society's demand for having our own APT system which can examine the long-term performance of concrete pavement, a contract study to develop the Korea Accelerated Loading and Environment Simulator (KALES) for concrete pavement was performed for 3 years from 1997 through 1999. Through the project, a detailed design was performed for the KALES system in which the entire structure of KALES, the loading mechanism, wandering mechanism, suspension system, and driving system were proposed. Also, in advance of designing a full-scale KALES system, a sample scale model was manufactured and tested for operating motion and force distribution. It is evident that the proposed prototype KALES system will provide a higher degree of traffic simulation and durable operation, based on the satisfactory fatigue analysis.

A Study on the mix design for the Soilcrete by Using FGC Soil Stabilizer (FGC계 고화재를 이용한 Soilcrete 배합설계에 관한 연구)

  • 천병식;고갑수;김진춘;하상욱
    • Proceedings of the Korean Geotechnical Society Conference / 1999.10a / pp.293-300 / 1999
  • Soilcrete has been a traditional material for paving and soft ground improvement techniques. But because its durability is not excellent and its quality is not homogeneous, it has not been used for various purposes to date. And because the quality of soilcrete is apt to change with the content of water and soil stabilizer and the kind of soil and soil stabilizer, it is not free of concerns. But with the increase of naturally oriented needs for light-traffic roads such as pedestrian roads in gardens, golf courses and sidewalks, the cases of soilcrete paving have increased recently. This study aims at making a reference table for the mix design in accordance with the required design specifications for soilcrete admixtures using the FGC soil stabilizer, by means of the statistical experiment method. The treated soil is the clay which is widely spread in Korea. As the result of this study, we can derive an effective reference mix design table for clay soil treated by the FGC soil stabilizer in accordance with a compressive strength of 50∼200 kg/$\textrm{cm}^2$ soilcrete with respect to the contents of water, soil stabilizer and fine sand.

Extraction of Network Threat Signatures Using Latent Dirichlet Allocation (LDA를 활용한 네트워크 위협 시그니처 추출기법)

  • Lee, Sungil;Lee, Suchul;Lee, Jun-Rak;Youm, Heung-youl
    • Journal of Internet Computing and Services / v.19 no.1 / pp.1-10 / 2018
  • Network threats such as Internet worms and computer viruses have been increasing significantly. In particular, APTs (Advanced Persistent Threats) and ransomware have become clever and complex. IDSes (Intrusion Detection Systems) have performed a key role as information security solutions during the last few decades. To use an IDS effectively, IDS rules must be written properly. An IDS rule includes a key signature and is incorporated into an IDS. If so, the network threat containing the signature can be detected by the IDS while it is passing through the IDS. However, it is challenging to find a key signature for a specific network threat. We first need to analyze a network threat rigorously, and write a proper IDS rule based on the analysis result. If we use a signature that is common to benign and/or normal network traffic, we will observe a lot of false alarms. In this paper, we propose a scheme that analyzes a network threat and extracts key signatures corresponding to the threat. Specifically, our proposed scheme quantifies the degree of correspondence between a network threat and a signature using the LDA (Latent Dirichlet Allocation) algorithm. Obviously, a signature that has significant correspondence to the network threat can be utilized as an IDS rule for detection of the threat.