Abstract
The cyber world is penetrating all domains of technology, and it has become increasingly evident that digitization poses a threat to the security and stability of a country. The attacks launched by cyber criminals have compounded, with sophisticated and hard-to-detect attack techniques that challenge existing security measures. Advanced persistent threats (APTs) are nation-state attacks targeting critical information infrastructure systems, and the threat they pose to enterprises is catastrophic. The dynamic and evolving nature of APTs makes them unique, so security solutions for their detection must be adaptive and dynamic to the changing nature of these attacks. This chapter analyzes APT attacks from different perspectives and presents recent methodologies proposed for the detection of APTs. A concept study of the amalgamation of signature-based logs and anomalous logs for effective APT detection is presented in this paper.
© 2025 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Addetla, S., Pachamuthu, R. (2025). Amalgamation of Divergent Logs for Detection of Advanced Persistent Threats in Cyber Threat Analysis. In: M. Thampi, S., Siarry, P., Atiquzzaman, M., Trajkovic, L., Lloret Mauri, J. (eds) Fifth International Conference on Computing and Network Communications. CoCoNet 2023. Lecture Notes in Electrical Engineering, vol 1219. Springer, Singapore. https://doi.org/10.1007/978-981-97-4540-1_35
DOI: https://doi.org/10.1007/978-981-97-4540-1_35
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-4539-5
Online ISBN: 978-981-97-4540-1