| Summary: | The expansive usage of the Internet has set the stage for advanced persistent threats that has increased costs considerably in cyber space. Most of the time, entities exchange information and they are controlled remotely via many communication systems with a rich connectivity options on the Internet. Intruders accomplish advanced persistent threats by using such a rich connectivity options. These threats are extremely complex and they have unique features. Detecting such threats and corresponding attacks are therefore very difficult that circumstance makes classical intrusion detection systems impossible to deal with them. In this paper, a flow-based approach to detect advanced persistent threats is presented with a new model, namely FD-APT. The approach considers advanced persistent threats based attacks that are carried out with advanced malware. Moreover, FD-APT model distinguishes properties of malware types. The new approach is also analyzed with two case studies to highlight capabilities of FD-APT. The analyses results show that FD-APT helps to detect advanced persistent threats that are based on advanced malware.
|
|---|
