Advanced Persistent Threats (APTs) represent the most challenging threats to the security and safety of the cyber landscape. APTs are human-driven attacks backed by complex strategies that combine multidisciplinary skills in information technology, intelligence, and psychology. Defending large organisations with tens of thousands of hosts requires similar multi-factor approaches. We propose a novel framework that combines different techniques based on big data analytics and security intelligence to support human analysts in prioritising the hosts that are most likely to be compromised. We show that the collection and integration of internal and external indicators represents a step forward with respect to the state of the art in the field of early detection and mitigation of APT activities.

Countering Advanced Persistent Threats through Security Intelligence and Big Data Analytics / MARCHETTI, Mirco; PIERAZZI, FABIO; GUIDO, ALESSANDRO; COLAJANNI, Michele. - PRINT. - (2016), pp. 243-261. (Paper presented at the IEEE CyCon 2016 conference held in Tallinn, Estonia in June 2016) [10.1109/CYCON.2016.7529438].

Countering Advanced Persistent Threats through Security Intelligence and Big Data Analytics

MARCHETTI, Mirco; COLAJANNI, Michele
2016

Proc. of the 8th NATO International Conference on Cyber Conflicts (CyCon 2016), pp. 243-261
MARCHETTI, Mirco; PIERAZZI, FABIO; GUIDO, ALESSANDRO; COLAJANNI, Michele
Files in this record:
Attachments, if any, are not displayed

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11585/812092
Warning! The displayed data have not been validated by the university.

Citations
  • PMC: not available
  • Scopus: 34
  • ISI (Web of Science): 21