Litcius/Paper detail

A Review of Attribution Technical for APT Attacks

Yangyang Mei, Weihong Han, Shudong Li, Xiaobo Wu, Kaihan Lin, Yulu Qi

202212 citationsDOI

Abstract

Traditional Advanced Persistent Threat (APT) detection methods for “low-and-slow” attack patterns and frequent use of zero-day exploits are difficult to detect effectively. APT has become one of the most serious threats to cyberspace security. Attribution is a desired quality to counter a variety of attackers, and discovering the source and identity of the attacker through attribution and responding appropriately can help prevent future attacks. This paper begins by reviewing the process of APT attack attribution development, which we define as identifying the attacker (individual name, organization name, or alias), location (geographic location or Internet Protocol address), or attack process. Next we summarise the existing attribution models into 4 categories (Hierarchical Attribution Model, Diamond Model, Q Model, Enterprise Commercial Model). The evolutionary process of APT attribution techniques is then summarised and analysed. Finally future research directions for APT attribution are explored.

Topics & Concepts

AttributionCyberspaceComputer scienceExploitComputer securityProcess (computing)The InternetAuthorship attributionInternet privacyWorld Wide WebArtificial intelligencePsychologyOperating systemSocial psychologyNetwork Security and Intrusion DetectionInformation and Cyber SecurityAdvanced Malware Detection Techniques
A Review of Attribution Technical for APT Attacks | Litcius