The big four - What we did wrong in advanced persistent threat detection?

Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

Volumn , Issue , 2013, Pages 248-254

  Virvilis, Nikos ^a   Gritzalis, Dimitris ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

Advanced Persistent Threat; Duqu; Exploitation; Flame; Red October; Stuxnet; Zero Day

Indexed keywords

ADVANCED PERSISTENT THREAT; DUQU; EXPLOITATION; FLAME; RED OCTOBER; STUXNET; ZERO DAY;

COMPUTER CRIME;

EID: 84892403835     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2013.32     Document Type: Conference Paper

References (20)

1. Fisher, D.:Threatpost. [Online] 15June2012 [Cited: 0102 2013] https://threatpost.com/en-us/blogs/what-have-we-learned-flame-malware-061512
2. Lemos, R.: Infoworld. [Online] 19 January 2011 [Cited: 02 02 2013] http://www.infoworld.com/t/malware/stuxnet-attack-more-effective-bombs-888
3. Schwartz, M.: Information week. [Online] 14January 2013 [Cited: 12 02 2013] http://www.informationweek.com/security/attacks/red-october-espionage- network-rivals-fla/24014621B
4. Chen, T., Abu-Nimeh, S.: Lessons from Stuxnet. In: Computer, Vol. 44, No. 4, pp. 91-93, April 2011 DOI=10.1109/MC.2011.11B http://dx.doi.org/10.1109/MC. 2011.11B
5. Larimer, J.: An insidelookatStuxnet. IBM, 2010.
6. Bencsath, B., Pek, C., Buttyan, L., Felegyhazi, M.: Duqu: Analysis, detection, and lessons learned. In: Proc. ofACM Eu?ropean Workshop on System Security (EuroSec-2012), 2012.
7. Bencsath, B., Pek, C., Buttyan, L., Felegyhazi, M.: The Cousins of Stuxnet: Duqu, Flame, and Causs. In: Future Internet, Vol. 4, No. 4, pp. 971-1003, 2012.
8. Kaspersky Labs. "Red October" DiplomaticCyberAttacksInvestigation. [Online] 14January 2013 [Cited: 1B 01 2013] http://www.securelist.com/en/analysis/204792262/Red-October-Diplomatic-Cyber- Attacks-Investigation
9. Binde, E., McRee, R., O'Connor, T.: Assessing Outbound Traffic to UncoverAdvanced Persistent Threat. SANS Institute. Online] 2011 [Cited: 21 12 2012] http://www.sans.edu/student-files/projects/JWP-Binde-McRee-OConnor.pdf
10. Langner, R.: Stuxnet: Dissecting a Cyberwarfare Weapon. In: IEEE Security & Privacy, Vol. 9, No. 3, pp. 49-B1, May-June 2011.
11. Walter, J.: "Flame Attacks": Briefingandlndicators. McAfeeLabs,2012.
12. Spitzner, L.: Honeypots: Tracking Hackers. Addison-Wesley, USA, 2002.
13. Field, S.: An introduction to kernel patch protection. [Online] 12 August 2006. [Cited: 08 02 2013.] http://blogs.msdn.com/b/
14. Microsoft: [Online] [Cited: 1102 2013.] http://office.microsoft.com/en- 001/excel-help/what-is-protected-view-HA0103BB931.aspx.
15. Cohen, F.: Computer Viruses. ASP Press, USA, 1986.
16. Denault, M., 6ritzalis, D., Karagiannis, D., Spirakis, P.: Intrusion detection: Evaluation and performance issues of the SECURENET system. In: Computers&Security, Vol. 13, No. 6, pp. 49B-B08, October 1994.
17. Doumas, A., Mavroudakis, K., Critzalis, D., Katsikas, S.: Design of a neural network for recognition and classification of computer viruses. In: Computers& Security, Vol. 14, No. B, pp. 43B-448, October 199B.
18. Lambrinoudakis, C., Critzalis, D., Tsoumas, V., Karyda, M., Ikonomopoulos, S.: Secure electronic voting: The current landscape. In: Secure Electronic Voting, critzalis D. (Ed.), pp. 101-122, Kluwer Academic Publishers, USA, 2003.
19. Lekkas, D., Critzalis, D.: Long-term verifiability of healthcare records authenticity. In: InternationalJournal ofMedical Informatics, Vol. 76, Issue B-6, pp. 442-448, 2006.
20. Iliadis, J., 6ritzalis, D., Spinellis, D., Preneel, B., Katsikas, S.: Evaluating certificate status information mechanisms. In: Proc. ofthe 7th ACM Computer& CommunicationsSecurity Conference (CCS-2000), pp. 1-9, ACM Press, USA, 2000.