A comprehensive study on APT attacks and countermeasures for future networks and communications: challenges and solutions

Journal of Supercomputing

Volumn 75, Issue 8, 2019, Pages 4543-4574

  Singh, Saurabh ^a   Sharma, Pradip Kumar ^a   Moon, Seo Yeon ^a   Moon, Daesung ^b   Park, Jong Hyuk ^a  

^a Seoul National University of Science and Technology   (South Korea)

^b Electronics and Telecommunications Research Institute (ETRI)   (South Korea)

Author keywords

APT; Exploitation; Threat; Vulnerability; Zero day attack

Indexed keywords

LIFE CYCLE; SEMANTICS;

EXPLOITATION; FUTURE RESEARCH DIRECTIONS; NETWORK INTRUSIONS; THREAT; USE CASE SCENARIO; VULNERABILITY; WEB INFRASTRUCTURE; ZERO DAY ATTACK;

NETWORK SECURITY;

EID: 84986247560     PISSN: 09208542     EISSN: 15730484     Source Type: Journal    
DOI: 10.1007/s11227-016-1850-4     Document Type: Article

References (135)

1. Chen P, Desmet L, Huygens C (2014) A study on advanced persistent threats. In: ifip International Conference on Communications and Multimedia Security, pp 63–72
2. Jeun I, Lee Y, Won D (2012) A practical study on advanced persistent threats. Computer applications for security, control and system engineering. Springer, Berlin, Heidelberg, pp 144–152
3. Moon D, Im H, Lee JD, Jong Park H (2014) MLDS: multi-layer defense system for preventing advanced persistent threats. Symmetry 6(4):997–1010
4. Tankard C (2011) Advanced persistent threats and how to monitor and deter them. Netw Secur 8:16–19
5. Sood AK, Enbody RJ (2013) Targeted cyberattacks: a superset of advanced persistent threats. IEEE Secur Priv 11(1):54–61
6. Friedberg I, Skopik F, Settanni G, Fiedler R (2015) Combating advanced persistent threats: from network event correlation to incident detection. Comput Secur 48:35–57
7. Ask M, Bondarenko P, Rekdal JE, Nordbø A, Bloemerus P, Piatkivskyi D (2013) Advanced persistent threat (apt) beyond the hype. Project report in IMT4582 Networn security at Gjovin University College. Springer. https://andynor.net/static/fileupload/434/S2_NetwSec_Advanced_Persistent_Threat.pdf. Accessed 11 May 2016
8. Bodmer S, Kilger M, Carpenter G, Jones J (2012) Reverse deception: organized cyber threat counter-exploitation. McGraw Hill Education. https://www.mhprofessional.com/details.php?isbn=0071772499. Accessed 24 June 2016
9. Bilge L, Dumitras T (2012) Before we knew it: an empirical study of zero-day attacks in the real world. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security. ACM, pp 833–844
10. Zetter K (2011) How digital detectives deciphered Stuxnet, the most menacing malware in history. Wired Mag 11:1–8
11. Falliere N, Murchu L, Chien E (2015) W32.Stuxnet.Dossier. https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier. Accessed 10 May 2016
12. Mustafa T (2013) Malicious data leak prevention and purposeful evasion attacks: an approach to advanced persistent threat (APT) management. In: Electronics, Communications and Photonics Conference (SIECPC), Saudi International. IEEE, pp 1–5
13. Information-technology Promotion Agency, Design and Operational Guide to Cope with advanced persistent threats. Japan (IPA) (2011). https://www.ipa.go.jp/security/english/third.html. Accessed 25 Apr 2016
14. Smith AM, Toppel NY (2009) Case study: using security awareness to combat the advanced persistent threat. In: 13th Colloquium for Information Systems Security Education, pp 64–70
15. Hoglund G (2009) Advanced persistent threat, what APT means to your enterprise. http://www.issa-sac.org/info_resources/ISSA_20100219_HBGary_Advanced_Persistent_Threat.pdf. Accessed 22 Mar 2016
16. Dixon CJ, Pinckney T (2013) Indicating website reputations based on website handling of personal information. US Patent no. US 2006/0253583 A1
17. Bhatti AT (2015) Integrated analysis on case study of steve gibson ddos attack may 4th, 2001: performance of testing tools and in the context of business. Int J Res Comput Appl Robot 3(7):8–12
18. Cova M, Kruegel C, Vigna G (2012) Detection and analysis of drive-by-download attacks and malicious JavaScript code. In: Proc. 19th Int’l Conf. World Wide Web, ACM
19. Sood AK, Enbody RJ (2011) Browser exploit packs death by bundled exploits. In: Proc. 21st Virus Bulletin Conf
20. Spear-Phishing, watering hole and drive-by attacks: the new normal. Invincea, Inc. https://www.invincea.com/wp-content/uploads/2013/10/Invincea-spear-phishing-watering-holedrive-by-whitepaper-2013.pdf. Accessed 20 June 2016
21. Kim CH, Kim S, Kim JB (2016) A study of agent system model for response to spear-phishing. Int Inf Inst Tokyo Inf 19(1):263
22. Branco R (2011) Into the darkness: dissecting targeted attacks. Qualys Blog. https://blog.qualys.com/securitylabs/2011/11/30/dissecting-targeted-attacks. Accessed 16 July 2016
23. Appelt D, Nguyen CD, Briand LC, Alshahwan N (2014) Automated testing for SQL injection vulnerabilities: an input mutation approach. In: Proceedings of the 2014 International Symposium on Software Testing and Analysis. ACM, pp 259–269
24. Huang W, Hsiao C, Lin N (2011) Mass meshing injection: Sidename.js (now cssminibar.js) ongoing. Armorize Malware Blog. http://blog.armorize.com/2011/06/mass-meshing-injectionsidenamejs.html. Accessed 14 June 2016
25. Huang W, Hsiao C, Lin N (2011) Malvertising on google doubleclick ongoing. Armorize Malware Blog. http://blog.armorize.com/2011/08/k985ytvhtm-fake-antivirus-mass.html. Accessed 26 July 2016
26. Information-technology Promotion Agency, Design and Operational Guide to Cope with advanced persistent threats. Japan (IPA) (2011). https://www.ipa.go.jp/security/english/third.html. Accessed 25 Apr 2016
27. Zhang YL, Xia GS (2013) The SSL MIMT attack with DNS spoofing. In: Applied Mechanics and Materials, vol. 385. Trans Tech Publications, pp 1647–1650
28. Wang Z (2014) POSTER: on the capability of DNS cache poisoning attacks. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, pp 1523–1525
29. Yuan L, Chen CC, Mohapatra P, Chuah CN, Kant K (2013) A proxy view of quality of domain name service, poisoning attacks and survival strategies. ACM Trans Internet Technol (TOIT) 12(3):9
30. Yamada A, Kim THJ, Perrig A (2012) Exploiting privacy policy conflicts in online social networks. Technical Report: CMU-CyLab-12-005, Carnegie Mellon University
31. Balduzzi et al M (2012) A security analysis of Amazon’s elastic compute cloud service. In: Proc. 27th Ann. ACM Symp. Applied Computing, ACM
32. Ferrie P, Szor P (2004) Cabirn fever. Virus Bulletin Magazine
33. Stavrou A, Wang Z (2011) Exploiting smart-phone USB connectivity for fun and profit. In: BlackHat DC Conf
34. Rutkowska J (2009) Thoughts about trusted computing. In: EuSecWest Conf
35. Wang L, Jajodia S, Singhal A, Cheng P, Noel S (2014) k-zero day safety A network security metric for measuring the risk of unknown vulnerabilities. IEEE Trans Dependable Secure Comput 11(1):30–44
36. Recent Zero-day exploits and vulnerabilities. https://www.fireeye.com/current-threats/recent-zero-day-attacks.html. Accessed 13 June 2016
37. What is a zero-day vulnerability? http://www.pctools.com/security-news/zero-day-vulnerability/. Accessed 6 July 2016
38. https://en.wikipedia.org/wiki/Zero-day_(computing). Accessed 15 May 2016
39. Choi J, Choi C, Lynn HM, Kim P (2015) Ontology based APT attack behavior analysis in cloud computing. In: 2015 10th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA), pp 375–379
40. James PF, Rohozinski R (2011) Stuxnet and the future of cyber war. Surv Glob Polit Strat 53(1):23–40
41. Karnouskos S (2011) Stuxnet worm impact on industrial cyber-physical system security. In: 37th Annual Conference on IEEE Industrial Electronics Society, pp 4490–4494
42. Langner R (2011) Stuxnet: dissecting a cyber warfare weapon. IEEE Secur Priv 9(3):49–51
43. Falliere N, Murchu LO, Chien E (2011) W32.Stuxnet Dossier, Symantec security response, Version 1.4
44. Parmar B (2012) Protecting against spear-phishing. Comput Fraud Secur 2012(1):8–11
45. Caputo DD, Pfleeger SL, Freeman JD, Johnson ME (2014) Going spear phishing: exploring embedded training and awareness. IEEE Secur Priv 12(1):28–38
46. Faisal Mohammad, Ibrahim Mohammad (2012) STUXNET, DUQU and beyond. Int J Sci Eng Investig 1(2):75–78
47. Bencsáth B, Pék G, Buttyán L, Félegyházi M (2012) The cousins of Stuxnet: Duqu, Flame, and Gauss. Future Internet 4(4):972–1003
48. Chen P, Desmet L, Huygens C (2014) A study on advanced persistent threats. Commun Multimed Secur 8735:63–72
49. http://www.enterpriseitnews.com.my/malaysia-organizations-more-likely-to-be-targeted-with-cyber-attacks-fireeye-report/3.4ref. Accessed 10 June 2016
50. https://www.fireeye.com/current-threats/annual-threat-report.html3.4ref. Accessed 19 June 2016
51. http://www.computerweekly.com/news/4500260196/Cyber-attacks-an-increasing-concern-for-Asean-countries. Accessed 10 May 2016
52. http://www.computerweekly.com/news/4500260196/Cyber-attacks-an-increasing-concern-for-Asean-countries. Accessed 5 July 2016
53. Davis J, Clarck A (2011) Data preprocessing for anomaly based network intrusion detection: a review. Comput Secur 30:353–375
54. Kai HM, Liu XJ, Liu YF, Zhou L (2011) Reducing false negatives in intelligent intrusion detection decision response system. Appl Mech Mater 128:676–681
55. Sommer R, Paxson V (2010) Outside the closed world: on using machine learning for network intrusion detection. In: IEEE Symposium on Security and Privacy, Oakland
56. Zhou C, Leckie C, Karunasekera S (2010) A survey of coordinated attacks an collaborative intrusion detection. Comput Secur 29:124–140
57. Sperotto A, Schaffrath G, Sadre R, Morariu C, Pras A, Stiller B (2010) An overview of IP flow-based intrusion detection. IEEE Commun Surv Tutor 12(3):343–356. doi:10.1109/SURV.2010.032210.00054
58. Trammell B, Claise B (2015) Specification of the IP flow information export (IPFIX) protocol for the exchange of flow information. https://tools.ietf.org/html/rfc7011. Accessed 29 July 2015
59. Cisco: Cisco IOS NetFlow. http://cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow/index.html. Accessed 29 July 2015
60. University of California: KDD Cup 1999 Data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed 29 July 2015
61. MIT Lincoln Laboratory: DARPA Intrusion Detection Evaluation. http://www.ll.mit.edu/ideval/data/. Accessed 29 July 2015
62. Julisch K, Kruegel C (2005) Detection of intrusions and malware, and vulnerability assessment. In: Proceedings of 2nd International Conference, DIMVA Vienna, Austria, July 7–8. Springer, New York
63. Abdoli F, Kahani, M (2009) Ontology-based distributed intrusion detection system. In: Computer Conference, 2009. CSICC 2009,14th International CSI. IEEE, pp 65–70
64. W3C: Semantic web. http://www.w3.org/standards/semanticweb/. Accessed 29 July 2015
65. Chiang HS, Tsaur WJ (2009) Ontology-based mobile malware behavioral analysis. Da-Yeh University, Changhua
66. Huang HD, Chuang TY, Tsai YL, Lee CS (2010) Ontology-based intelligent system for malware behavioral analysis. In: Fuzzy Systems (FUZZ), IEEE International Conference on, pp 1–6
67. W3C: SPARQL 1.1 Overview. http://www.w3.org/TR/sparql11-overview/. Accessed 29 July 2015
68. Stanford Center for Biomedical Informatics Research: Protégé. http://protege.stanford.edu/. Accessed 29 July 2015
69. Apache Software Foundation: Apache JENA. https://jena.apache.org/. Accessed 27 July 2015
70. Christodorescu M, Jha S, Seshia S, Song D, Bryant RE (2005) others: Semantics-aware malware detection. In: Security and Privacy, IEEE Symposium, pp 32–46
71. Scheirer W, Chuah MC (2008) Syntax vs. semantics: competing approaches to dynamic network intrusion detection. Int J Secure Netw 3(1):24–35
72. Hirono S, Yamaguchi Y, Shimada H, Takakura H (2014) Development of a secure traffic analysis system to trace malicious activities on internal networks. In: Proceeding of IEEE 38th Annual Conference on Computer Software and Applications Conference (COMPSAC). IEEE, pp 305–310
73. Cortes C, Vapnik V (1995) Support-vector networks. Mach Learn 20(3):273–297
74. Andersson S, Clark A, Mohay G, Schatz B, Zimmermann J (2005) A framework for detecting network-based code injection attacks targeting Windows and UNIX. In: Computer Security Applications Conference, 21st Annual, p 10
75. Chien SH, Chang EH, Yu CY, Ho CS (2007) Attack sub plan based attack scenario correlation. Int Conf Mach Learn Cybern 4:1881–1887
76. Cisco: Snort.Org. https://www.snort.org/. Accessed 10 Jan 2015
77. Zhu B, Ghorbani AA (2005) Alert correlation for extracting attack strategies. Ph.D. thesis, Citeseer
78. AlEroud A, Karabatis G (2013) A system for cyber attack detection using contextual semantics. In: 7th International Conference on Knowledge Management in Organizations: Service and Cloud Computing. Springer, New York, pp 431–442
79. He P, Karabatis G (2012) Using semantic networks to counter cyber threats. In: Intelligence and Security Informatics (ISI), IEEE International Conference on, pp 184–184
80. Shannon CE (2001) A mathematical theory of communication. ACM SIGMOBILE Mob Comput Commun Rev 5(1):3–55
81. Münz G, Carle G (2007) Real-time analysis of flow data for network attack detection. In: Integrated Network Management, 2007. IM’07. 10th IFIP/IEEE International Symposium on, pp 100–108
82. Vance A (2014) Flow based analysis of advanced persistent threats detecting targeted attacks in cloud computing. In: Info communications Science and Technology, 2014 1st International Scientific-Practical Conference Problems of, pp 173–176
83. Krishnamurthy B, Sen S, Zhang Y, Chen Y (2003) Sketch-based change detection: methods, evaluation, and applications. In: Proceedings of the 3rd ACM SIGCOMM Conference on Internet Measurement, pp 234–247
84. Aleroud A, Karabatis G (2014) Context infusion in semantic link networks to detect cyber-attacks: a flow-based detection approach. IEEE, pp 175–182
85. Razzaq A, Latif K, Ahmad HF, Hur A, Anwar Z, Bloodsworth PC (2014) Semantic security against web application attacks. Inf Sci 254:19–38. doi:10.1016/j.ins.2013.08.007
86. Razzaq A, Anwar Z, Ahmad HF, Latif K, Munir F (2014) Ontology for attack detection: an intelligent approach to web application security. Comput Secur 45:124–146. doi:10.1016/j.cose.05.005
87. McGuinness DL, Van HF (2004) OWL web ontology language overview. W3C Recomm 10(10):101
88. Meier M (2004) A model for the semantics of attack signatures in misuse detection systems. In: Information security. Lecture notes in computer science, vol 3225. Springer, New York, pp 158–169
89. Guarino N, Welty CA (2009) An overview of OntoClean. In: Handbook on ontologies. Springer, New York, pp 201–220
90. Razzaq A, Ahmed HF, Hur A, Haider N (2009) Ontology based application level intrusion detection system by using Bayesian filter. In: Computer Control and Communication, 2009. IC4 2nd International Conference on, pp 1–6
91. Sangeetha S, Vaidehi V (2010) Fuzzy aided application layer semantic intrusion detection system—FASIDS. Int J Netw Secur Appl 2(2):39–56
92. Farrell JA (2015). http://www.cs.man.ac.uk/~pjj/farrell/comp2.html#EBNF. Accessed 29 July 2015
93. Kosko B (1986) Fuzzy cognitive maps. Int J Man Mach Stud 24(1):65–75
94. Balduzzi M, Ciangaglini V, McArdle R (2013) Targeted attacks detection with spunge. In: 11th Annual International Conference on Privacy, Security and Trust (PST), 2013, pp 185–194
95. Levenshtein VI (1966) Binary codes capable of correcting deletions, insertions, and reversals. Sov Phys Doklady 10:707–710
96. Thakar U, Dagdee N (2010) Pattern analysis and signature extraction for intrusion attacks on web services. Int J Netw Secur Appl 2(3):190–205. doi:10.5121/ijnsa.2010.2313
97. W3C: SOAP Version 1.2 Part 1: Messaging Framework (Second Edition). http://www.w3.org/TR/soap12/. Accessed 22 July 2015
98. Zarras A, Papadogiannakis A, Gawlik R, Holz T (2014) Automated generation of models for fast and precise detection of HTTP based malware. In: 12th Annual International Conference on. Privacy, Security and Trust (PST), pp 249–256
99. Gamer T, Scholler M, Bless R (2006) A granularity-adaptive system for in-network attack detection. In: Proceedings of the IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation, pp 47–50
100. Luo X, Chan EW, Chang RK (2006) Vanguard: a new detection scheme for a class of TCP-targeted denial-of-service attacks. In: Network Operations and Management Symposium, NOMS, 10th IEEE/IFIP, pp 507–518
101. Ansarinia M, Asghari SA, Souzani A, Ghaznavi A (2012) Ontology-based modeling of DDoS attacks for attack plan detection. In: 2012 6th International Symposium on Telecommunications (IST), pp 993–998
102. MITRE Corporation: CAPEC-Common Attack Pattern Enumeration and Classification (CAPEC). https://capec.mitre.org/. Accessed 22 Sept 2015
103. MITRE Corporation: CVE-Common Vulnerabilities and Exposures (CVE). https://cve.mitre.org/. Accessed 22 Sept 2015
104. MITRE Corporation: CWE-Common Weakness Enumeration. https://cwe.mitre.org/. Accessed 22 Sept 2015
105. MITRE Corporation: Common Event Expression: CEE, A Standard Log Language for Event Interoperability in Electronic Systems. https://cee.mitre.org/. Accessed 29 July 2015
106. Sikorski M, Honig A (2012) Practical malware analysis: the hands-on guide to dissecting malicious software. No Starch, San Francisco
107. Egele M, Scholte T, Kirda E, Kruegel C (2012) A survey on automated dynamic malware-analysis techniques and tools. ACM Comput Surv (CSUR) 44(2):6
108. Idika N, Mathur AP (2007) A survey of malware detection techniques. Technical report 286, Department of Computer Science, Purdue University, USA
109. Wagner M, Fischer F, Luh R, Haberson A, Rind A, Keim D, Aigner W, Borgo R, Ganovelli F, Viola I (2015) A Survey of Visualization Systems for Malware Analysis. In: EG Conference on Visualization (EuroVis)-STARs, pp 105–125
110. Dornhackl H, Kadletz K, Luh R, Tavolato P (2014) Malicious behavior patterns. In: IEEE 8th International Symposium on Service Oriented System Engineering (SOSE), pp 384–389
111. th National computer Security Conference, pp 11–21
112. Peyman K, Ali AG (2005) Research on intrusion detection and response: a survey. IJ Netw Secur 1(2):84–102
113. Wagner D, Soto P (2002) Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp 255–264
114. Landwehr CE, Bull AR, McDermott JP, Choi WS (1994) A taxonomy of computer program security flaws. ACM Comput Surv (CSUR) 26(3):211–254
115. Raskin V, Hempelmann CF, Triezenberg KE, Nirenburg S (2001) Ontology in information security: a useful theoretical foundation and methodological tool. In: Proceedings of the Workshop on New Security Paradigms, pp 53–59
116. FernándezL M, Gómez-Pérez A, Juristo N (1997) Methontology: from ontological art towards ontological engineering. In: AAAI Symposium on Ontological Engineering, American Association for Artificial Intelligence
117. Anagnostopoulos T, Anagnostopoulos C, Hadjiefthymiades S (2005) Enabling attack behavior prediction in ubiquitous environments. In: Pervasive Services, 2005. ICPS’05, Proceedings of International Conference on, pp 425–428
118. Yan W, Hou E, Ansari N (2004) Extracting attack knowledge using principal-subordinate consequence tagging case grammar and alerts semantic networks. In: Local Computer Networks, 29th Annual IEEE International Conference on, pp 110–100
119. International secure systems lab: anubis-malware analysis for unknown binaries. https://anubis.iseclab.org/. Accessed 29 July 2015
120. Zimmer D, Unland R (1999) On the semantics of complex events in active database management systems. In: 1999, Proceedings of 15th International Conference on, Data Engineering, pp 392–399
121. Debar H, Curry D, Feinstein B (2015) The Intrusion Detection Message Exchange Format (IDMEF). https://www.ietf.org/rfc/rfc4765.txt. Accessed 29 July 2015
122. Totel E, Vivinis B, Mé L (2004) A language driven intrusion detection system for event and alert correlation. In: Proceedings at the 19th IFIP International Information Security Conference. Kluwer Academic, Toulouse, Springer, New York, pp 209–224
123. Alienvault: OSSIM: The Open Source SIEM | AlienVault. https://www.alienvault.com/products/ossim. Accessed 29 July 2015
124. Gorodetski V, Kotenko I, Karsaev O (2003) Multi-agent technologies for computer network security: attack simulation, intrusion detection and intrusion detection learning. Comput Syst Sci Eng 18(4):191–200
125. Bhatt P, Yano ET, Gustavsson P (2014) Towards a framework to detect multi-stage advanced persistent threat sattacks. Proceeding of IEEE 8th international symposium on service oriented system engineering (SOSE). IEEE, pp 390–395
126. Hutchins EM, Cloppert MJ, Amin RM (2011) Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead Issues Inf Warfare Secur Res 1:80
127. Mathew S, Upadhyaya S, Sudit M, Stotz A (2010) Situation awareness of multistage cyber attacks by semantic event fusion. In: Military Communications Conference, 2010-MILCOM 2010. IEEE, pp 1286–1291
128. Stotz A, Sudit M (2007) Information fusion engine for real-time decision-making (INFERD): a perceptual system for cyber attack tracking. In: Information Fusion, 2007 10th International Conference on, pp 1–8
129. Mathew S, Giomundo R, Upadhyaya S, Sudit M, Stotz A (2006) Understanding multistage attacks by attack-track based visualization of heterogeneous event streams. In: Proceedings of the 3rd International Workshop on Visualization for Computer Security, pp 1–6
130. GlobalSecurity.org: Open Source Information System (OSIS). http://www.globalsecurity.org/intell/systems/ osis.htm. Accessed 29 July 2015
131. Atighetchi M, Griffith J, Emmons I, Mankins D, Guidorizzi R (2014) Federated access to cyber observables for detection of targeted attacks. In: Proceeding of IEEE on Military Communications Conference (MILCOM), IEEE. pp 60–66
132. Sadighian A, Zargar ST, Fernandez JM, Lemay A (2013) Semantic-based context-aware alert fusion for distributed Intrusion Detection Systems. In International Conference on, Risks and Security of Internet and Systems (CRiSIS), pp 1–6
133. Gabriel R, Hoppe T, Pastwa A, Sowa S (2009) Analyzing malware log data to support security information and event management: some research results. In: Proceeding of IEEE First International Conference on Advances in Databases, Knowledge, and Data Applications (DBKDA). IEEE, pp 108–113
134. Langeder S (2014) Towards dynamic attack recognition for SIEM. Ph.D. thesis, St. Poelten University of Applied Sciences
135. Strasburg C, Basu S, Wong JS (2013) S-MAIDS: a semantic model for automated tuning, correlation, and response selection in intrusion detection systems, In: Proceeding of IEEE 37th Annual Conference on Computer Softwareand Applications Conference (COMPSAC). IEEE, pp 319–328