A systematic literature review on advanced persistent threat behaviors and its detection strategy

Mat, Nur Ilzam Che and Jamil, Norziana and Yusoff, Yunus and Kiah, Miss Laiha Mat (2024) A systematic literature review on advanced persistent threat behaviors and its detection strategy. Journal of Cybersecurity, 10 (1). tyad023. ISSN 2057-2085, DOI https://doi.org/10.1093/cybsec/tyad023.

Full text not available from this repository.
Official URL: https://doi.org/10.1093/cybsec/tyad023

Abstract

Advanced persistent threats (APTs) pose significant security-related challenges to organizations owing to their so- phisticated and persistent nature, and are inimical to the confidentiality , integrity , and availability of organizational information and services. This study systematically reviews the literature on methods of detecting APTs by compre- hensively surveying research in the area, identifying gaps in the relevant studies, and proposing directions for future work. The authors provide a detailed analysis of current methods of APT detection that are based on multi-stage attack-related behaviors. We adhered to the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines and conducted an extensive search of a variety of databases. A total of 45 studies, encompass- ing sources from both academia and the industry, were considered in the final analysis. The findings reveal that APTs have the capability to laterally propagate and achieve their objectives by identifying and exploiting existing systemic vulnerabilities. By identifying shortcomings in prevalent methods of APT detection, we propose integrating the multi- stage attack-related behaviors of APTs with the assessment of the presence of vulnerabilities in the network and their susceptibility to being exploited in order to improve the accuracy of their identification. Such an improved ap- proach uses vulnerability scores and probability metrics to determine the probable sequence of targeted nodes, and visualizes the path of APT attacks. This technique of advanced detection enables the early identification of the most likely targets, which, in turn, allows for the implementation of proactive measures to prevent the network from being further compromised. The research here contributes to the literature by highlighting the importance of integrating multi-stage attack-related behaviors, vulnerability assessment, and techniques of visualization for APT detection to enhance the overall security of organizations. © The Author(s) 2024.

Item Type: Article
Funders: UAEU (2024); (G00004629); (TRGS/1/2020/UNITEN/01/1/2), Ministry of Higher Education Malaysia under the Transdisciplinary Research Grant Scheme (TRGS) of Grant
Additional Information: Cited by: 0; All Open Access, Gold Open Access
Uncontrolled Keywords: Advanced persistent threat; Advanced persistent threat mitigation technique; Detec- tion technique; Meta-analysis; Mitigation techniques; Multi-stage attack; Preferred reporting item for systematic review and meta-analyze; Systematic literature review; Systematic Review; Threats mitigations; Energy security
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Faculty of Computer Science & Information Technology
Depositing User: Ms. Juhaida Abd Rahim
Date Deposited: 18 Nov 2024 07:18
Last Modified: 18 Nov 2024 07:18
URI: http://eprints.um.edu.my/id/eprint/44890

Actions (login required)

View Item View Item
UM Research Repository is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.