Ontology Generation of Advanced Persistent Threats and their Automated Analysis


Article Information

Title: Ontology Generation of Advanced Persistent Threats and their Automated Analysis

Authors: Zafar Iqbal, Zahid Anwar

Journal: NUST Journal of Engineering Sciences

HEC Recognition History

Category   From         To
Y          2024-10-01   2025-12-31
Y          2023-07-01   2024-09-30
Y          2022-07-01   2023-06-30
Y          2021-07-01   2022-06-30
Y          2016-02-29   2019-12-19
Y          2015-03-12   2016-02-28

Publisher: National University of Sciences & Technology, Rawalpindi/Islamabad (NUST)

Country: Pakistan

Year: 2016

Volume: 9

Issue: 2

Language: en

DOI: 10.24949/njes.v9i2.283

Abstract

Advanced Persistent Threats (APTs) are a continuous hacking process during which the perpetrator changes signatures and uses different malware to launch an attack. For these reasons, APTs most of the time remain undetected by conventional IDSs. Ironically, a large amount of data about APTs is available in the literature and in online repositories. However, due to their high adaptivity and the large volume of data, analyzing information about APT incidents is challenging for security analysts. Several security models have been proposed for the analysis and understanding of APTs. In this regard, two recent approaches, the Cyber Kill Chain (CKC) and the Pyramid of Pain (POP), are noteworthy. CKC is an attacker model, while POP is a defender model. If these approaches are combined into a suitable defense framework, they can be used as an early warning system against APTs. The contributions of this paper are two-fold. The first is the development of standalone ontologies for CKC and POP, identifying the relationships between them, and developing a common ontology of APTs. Secondly, we propose a novel framework, “APTs Analysis and Classification System – A2CS”, which uses semantic rules for the automatic analysis of APTs, such as identification of their missing artifacts and inference of the Tactics, Techniques and Procedures being employed.
