
APT Abstract Project Proposal

The project aims to develop a deception framework using multilayer decoy systems to detect and capture targeted enterprise attacks like APTs. The framework will include an email sandboxing engine using machine learning and deception to identify spear phishing emails and an analytics engine to detect APT attacks. It will generate attack data feeds in machine-readable formats and provide intelligence on APT intrusions by modeling the intrusion kill chain and identifying threats early.

Uploaded by

Shivani Arya

1. Title of the project: Design and Development of Deception Framework for Capturing and Collection of Enterprise-specific Targeted Attacks.

2. Project Lead : Shivani Arya

3. Nature of the project : Research & Development

4. Objective of the project:

The objective of the project is to carry out research and development of a deception framework and analysis techniques for capturing and detecting enterprise-specific attacks and adversary activities, and for leveraging the resulting intelligence to generate attack data feeds.

a) Design and development of a multilayer deception framework for capturing enterprise-specific targeted attacks such as APTs.

b) Research and development of an email sandboxing engine for the deception-based framework, to detect potential APT infiltration activity inside the organizational network.

c) Design and development of an analytics engine for the detection of APT attacks.

5. Brief Outline of the project:

Targeted attacks consist of sophisticated malware developed by attackers having the resources and motivation to research targets in depth. Although rare, such attacks are particularly difficult to defend against and can be extremely harmful.

=> The first stage of any targeted attack involves gathering information about the intended target through social engineering; such attacks have used spear-phishing emails as a prime vector to infiltrate the networks of targeted organizations.

=> To effectively mount a targeted attack, an attacker needs to be able to effectively control any compromised machine within the targeted network.

=> The attacker would require privilege escalation within the targeted network; once they are in the system, the attacker can move laterally to other systems and accounts in order to gain more leverage, whether that is higher permissions, more data, or greater access to systems.

=> A successful targeted attack is one that can stay in progress for as long as the C&C behind it requires. Like anything else, the attacker needs to perform maintenance on an attack in progress to keep it operational.

The term Advanced Persistent Threat (APT) refers to a class of attacks that target organizational networks for data theft, use social-engineering-based propagation vectors, and remain slow and low once they successfully penetrate the organizational network. While traditional cyber-attacks propagate as broadly as possible to improve their chances of success and maximize the harvest, APT attacks focus only on their pre-defined targets, limiting their attack range. Factors such as the use of social engineering techniques as a propagation vector, persistent nature, targeting of specific functional domains, a tendency to remain dormant for a long time, and the use of zero-day vulnerability exploits make capturing and analyzing these APT attacks a challenge.

The second major challenge involved is that such attacks are meticulously planned and typically have multiple steps. While a specific APT attack may have its own unique features, the stages of APT attacks are similar; they differ mostly in the techniques used in each stage.

The proposed deception framework will consist of an array of distributed decoy systems used to portray deception across multiple layers of interaction by attackers in the organizational network. Each of these layers and data elements will serve as a deceptive lure aiding in the successful deception, disruption, detection and capturing of the attacker and its attack automation software. The events logged at each layer of the deception stack will be collected, correlated, and analyzed using deep learning algorithms running on top of a big data analytics framework for the detection of such attacks. The detected attacks will be classified, labeled and scored, and given as input to the attack data feed generation and sharing mechanism.

The attack data feed generation module will generate the attack data feeds in readily integrable, machine-digestible formats. This module will use mechanisms for knowledge extraction, together with a classification and scoring module, for identifying, extracting and leveraging the intelligence from APT intrusions.

To address the second challenge, including the description of the different phases of an APT attack, the proposed solution will introduce an attack model based on the concept of an "intrusion kill chain". This model would help in understanding threat actors' techniques in each stage and in identifying the threat in its early stages, which in turn would help mitigate data loss, save countless man-hours, and save the security team many sleepless nights.

Figure 2: Cyber Kill-Chain process
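The correlation step described above (events from several deception layers collected per source, mapped onto kill-chain stages, scored, labeled, and emitted as a machine-digestible feed) can be sketched in code. The following is an added example, not code from the proposal or its authors: the layer names, the event-type-to-stage mapping, the stage weights, the alert threshold and the sample events are all constructed assumptions standing in for whatever the real deception stack would log.

```python
"""Correlate decoy-interaction events across deception layers into kill-chain
stages and emit a machine-readable attack feed.

Added example (not part of the original proposal). The layer names, stage
mapping, event format and scoring weights are assumptions chosen for
illustration; the sample events below are constructed."""
import json
from collections import defaultdict

# Assumed mapping from a deception-layer event type to a kill-chain stage
# (stage names follow the intrusion kill chain the proposal refers to).
STAGE_OF_EVENT = {
    "decoy_dns_lookup": "reconnaissance",
    "decoy_web_crawl": "reconnaissance",
    "decoy_mail_attachment_open": "delivery",
    "decoy_doc_macro_exec": "exploitation",
    "decoy_service_created": "installation",
    "decoy_beacon_callback": "command_and_control",
    "decoy_share_access": "actions_on_objectives",
    "honeytoken_cred_use": "actions_on_objectives",
}

# Later stages are weighted higher: a source touching decoys deep in the
# chain is more likely a real intrusion than a scanner hitting a DNS decoy.
STAGE_WEIGHT = {
    "reconnaissance": 1, "delivery": 2, "exploitation": 3,
    "installation": 4, "command_and_control": 5, "actions_on_objectives": 6,
}
STAGE_ORDER = list(STAGE_WEIGHT)
ALERT_THRESHOLD = 10  # assumed cut-off for raising an alert

# Constructed sample events as they might be logged by different decoy layers.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T08:00:00Z", "layer": "network", "src": "10.0.5.23", "type": "decoy_dns_lookup"},
    {"ts": "2024-05-01T08:02:00Z", "layer": "network", "src": "10.0.9.77", "type": "decoy_dns_lookup"},
    {"ts": "2024-05-01T08:10:00Z", "layer": "endpoint", "src": "10.0.5.23", "type": "decoy_doc_macro_exec"},
    {"ts": "2024-05-01T08:11:00Z", "layer": "endpoint", "src": "10.0.5.23", "type": "decoy_service_created"},
    {"ts": "2024-05-01T08:30:00Z", "layer": "network", "src": "10.0.5.23", "type": "decoy_beacon_callback"},
    {"ts": "2024-05-01T09:15:00Z", "layer": "data", "src": "10.0.5.23", "type": "honeytoken_cred_use"},
    {"ts": "2024-05-01T09:20:00Z", "layer": "data", "src": "10.0.5.23", "type": "unknown_event"},
]


def correlate(events):
    """Group events by source and record which kill-chain stages each source reached."""
    per_src = defaultdict(lambda: {"stages": set(), "layers": set(), "first": None, "last": None})
    for ev in events:
        stage = STAGE_OF_EVENT.get(ev["type"])
        if stage is None:
            continue  # event types with no stage mapping are skipped
        rec = per_src[ev["src"]]
        rec["stages"].add(stage)
        rec["layers"].add(ev["layer"])
        # ISO-8601 timestamps in one format compare correctly as strings
        rec["first"] = ev["ts"] if rec["first"] is None else min(rec["first"], ev["ts"])
        rec["last"] = ev["ts"] if rec["last"] is None else max(rec["last"], ev["ts"])
    return per_src


def score(stages):
    """Sum stage weights; reaching several links of the chain compounds the score."""
    return sum(STAGE_WEIGHT[s] for s in stages)


def classify(score_value, stages):
    """Label a source: contact with C2 or objective-stage decoys is treated as a confirmed intrusion."""
    if "command_and_control" in stages or "actions_on_objectives" in stages:
        return "targeted_intrusion"
    if score_value >= ALERT_THRESHOLD:
        return "suspicious_multi_stage"
    return "low_confidence_probe"


def build_feed(events):
    """Produce a list of machine-digestible attack records (JSON-serialisable dicts)."""
    feed = []
    for src, rec in sorted(correlate(events).items()):
        stages = sorted(rec["stages"], key=STAGE_ORDER.index)
        s = score(stages)
        feed.append({
            "source": src,
            "stages_observed": stages,
            "deepest_stage": stages[-1],
            "layers_touched": sorted(rec["layers"]),
            "first_seen": rec["first"],
            "last_seen": rec["last"],
            "score": s,
            "label": classify(s, stages),
            "alert": s >= ALERT_THRESHOLD,
        })
    return feed


if __name__ == "__main__":
    print(json.dumps(build_feed(SAMPLE_EVENTS), indent=2))
```

On the constructed input, the source that touched decoys across the network, endpoint and data layers is labeled a targeted intrusion, while the source that only resolved a DNS decoy stays a low-confidence probe; the weighting of later stages is what separates the two, and the JSON records are what a feed-sharing component would consume.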

In continuation of this, another component, which acts at the entry point for APT-style attacks, is the email sandboxing solution. This solution uses a combination of machine learning techniques along with deception as an active tool for the detection of such attacks. The proposed component takes the emails from the organizational mail server. It then filters all the emails and processes them using machine learning techniques to sift out possible spear-phishing emails. These emails are further processed by static exploit detection engines, which analyze the attachments and URLs present in the email. The emails with malicious content are processed by the deception sandnet. The deception sandnet emulates the organizational network scenario along with the targeted end user's system. The deception network, along with the fake end-user system, is loaded with data capturing tools, decoys, beacons and traps, which not only confirm the targeted attack but also provide the necessary and sufficient artifacts required for attack attribution.
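The front half of that pipeline (take a message from the mail server, extract its URLs and attachments, score spear-phishing indicators, and route suspects to the static exploit engine or on to the deception sandnet) can be shown concretely. This is an added example, not the proposal's own code: the organization domain, the indicator set and weights, the routing threshold and the two sample messages are constructed assumptions, and the hand-weighted score stands in for the trained classifier the proposal would use.

```python
"""Triage stage of an email sandboxing pipeline: parse a message, extract URLs
and attachments, score spear-phishing indicators, and decide the next stage.

Added example (not the proposal's own code). ORG_DOMAIN, the indicator set,
the weights, the threshold and both sample messages are assumptions made for
illustration; a real deployment would replace the weighted sum with a trained
classifier and feed the routed messages to the static engine and sandnet."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example-corp.test"  # assumed organisation domain
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".docm", ".xlsm", ".scr", ".hta")
URGENCY_WORDS = ("urgent", "immediately", "wire", "invoice", "password", "verify")
URL_RE = re.compile(r"https?://[^\s<>\"']+")
ROUTE_THRESHOLD = 4  # assumed: at or above this score the message leaves the normal path

WEIGHTS = {"external_sender": 1, "lookalike_domain": 3, "reply_to_mismatch": 2,
           "urgency_language": 1, "has_url": 1, "url_host_differs": 1,
           "risky_attachment": 3, "double_extension": 2}


def parse_message(raw):
    """Return (message, plain-text body, attachment filenames)."""
    msg = email.message_from_string(raw, policy=policy.default)
    body_parts, attachments = [], []
    for part in msg.walk():
        if part.is_attachment():
            attachments.append(part.get_filename() or "")
        elif part.get_content_type() == "text/plain":
            body_parts.append(part.get_content())
    return msg, "\n".join(body_parts), attachments


def domain_of(header_value):
    addr = parseaddr(str(header_value))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def features(msg, body, attachments):
    """Cheap indicators a classifier would consume; each is a named boolean."""
    sdom = domain_of(msg.get("From", ""))
    rdom = domain_of(msg.get("Reply-To", ""))
    urls = URL_RE.findall(body)
    hosts = [urlparse(u).hostname or "" for u in urls]
    return {
        "external_sender": bool(sdom) and sdom != ORG_DOMAIN,
        # sender domain reuses the organisation's name but is not the real domain
        "lookalike_domain": sdom != ORG_DOMAIN and ORG_DOMAIN.split(".")[0] in sdom,
        "reply_to_mismatch": bool(rdom) and rdom != sdom,
        "urgency_language": any(w in body.lower() for w in URGENCY_WORDS),
        "has_url": bool(urls),
        "url_host_differs": any(ORG_DOMAIN not in h for h in hosts),
        "risky_attachment": any(a.lower().endswith(RISKY_EXTENSIONS) for a in attachments),
        # "form.pdf.exe"-style names; a coarse check that also flags names like "a.b.docx"
        "double_extension": any(len(a.split(".")) > 2 for a in attachments),
    }


def triage(raw):
    """Return (score, route, fired indicators); route names the next pipeline stage."""
    msg, body, attachments = parse_message(raw)
    f = features(msg, body, attachments)
    fired = [k for k, v in f.items() if v]
    s = sum(WEIGHTS[k] for k in fired)
    if s < ROUTE_THRESHOLD:
        route = "deliver"
    elif f["risky_attachment"]:
        route = "deception_sandnet"      # executable-type payload: detonate in the sandnet
    else:
        route = "static_exploit_engine"  # inspect attachments/URLs statically first
    return s, route, fired


# Constructed sample messages: one lookalike-domain lure with a double-extension
# attachment, one benign internal note.
SPEAR_PHISH = """\
From: "IT Helpdesk" <helpdesk@example-corp-support.test>
Reply-To: helpdesk@mailbox-relay.test
To: cfo@example-corp.test
Subject: Urgent: verify your password
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please verify your password immediately via http://portal.example-corp-support.test/login
The attached form must be returned today.
--b1
Content-Type: application/octet-stream; name="form.pdf.exe"
Content-Disposition: attachment; filename="form.pdf.exe"
Content-Transfer-Encoding: base64

QUJD
--b1--
"""

BENIGN = """\
From: "Alice" <alice@example-corp.test>
To: bob@example-corp.test
Subject: Lunch
Content-Type: text/plain

See you at noon at the usual place.
"""

if __name__ == "__main__":
    for name, raw in (("spear_phish", SPEAR_PHISH), ("benign", BENIGN)):
        print(name, triage(raw))
```

The indicators are deliberately cheap header and body checks so that the first filter can run on every message; the `route` value is the hand-off point, where the static exploit engine and the sandnet described in the proposal would take over for the small fraction of messages that score high.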
