Joel Chacon
Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment
Chacon, Joel; Mckeown, Sean; Macfarlane, Richard
Authors
Dr Sean McKeown S.McKeown@napier.ac.uk
Lecturer
Rich Macfarlane R.Macfarlane@napier.ac.uk
Associate Professor
Abstract
Attacks by Advanced Persistent Threats (APTs) have been shown to be difficult to detect using traditional signature- and anomaly-based intrusion detection approaches. Deception techniques such as decoy objects, often called honey items, may be deployed for intrusion detection and attack analysis, providing an alternative to detect APT behaviours. This work explores the use of honey items to classify intrusion interactions, differentiating automated attacks from those which need some human reasoning and interaction towards APT detection. Multiple decoy items are deployed on honeypots in a virtual honey network, some as breadcrumbs to detect indications of a structured manual attack. Monitoring functionality was created around Elastic Stack with a Kibana dashboard created to display interactions with various honey items. APT-type manual intrusions are simulated by an experienced pentesting practitioner carrying out simulated attacks. Interactions with honey items are evaluated in order to determine their suitability for discriminating between automated tools and direct human intervention. The results show that it is possible to differentiate automatic attacks from manual structured attacks from the nature of the interactions with the honey items. The use of honey items found in the honeypot, such as in later parts of a structured attack, has been shown to be successful in classification of manual attacks, as well as towards providing an indication of severity of the attacks.
Citation
Chacon, J., Mckeown, S., & Macfarlane, R. (2020, June). Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment. Presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020), Dublin, Ireland
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020) |
Start Date | Jun 15, 2020 |
End Date | Jun 19, 2020 |
Acceptance Date | May 5, 2020 |
Online Publication Date | Jul 13, 2020 |
Publication Date | 2020 |
Deposit Date | Jun 9, 2020 |
Publicly Available Date | Jul 13, 2020 |
Publisher | Institute of Electrical and Electronics Engineers |
ISBN | 9781728164298 |
DOI | https://doi.org/10.1109/CyberSecurity49315.2020.9138859 |
Keywords | deception; honeypots; honeynets; honeytokens; APT; early intrusion detection; human actions; severity; intent |
Public URL | http://researchrepository.napier.ac.uk/Output/2667167 |
Files
Towards Identifying Human Actions, Intent, And Severity Of APT Attacks Applying Deception Techniques - An Experiment
(467 Kb)
PDF