Publication:
A technical characterization of APTs by leveraging public resources

Thumbnail Image
Identifiers
URI: https://hdl.handle.net/10016/38885
ISSN: 1615-5262
DOI: https://doi.org/10.1007/s10207-023-00706-x
UXXI: AR/0000033131
Files
technical_IJIS_2023.pdf (1.1 MB)
Publication date
2023-06-15
Defense date
Authors
Advisors
Tutors
Journal Title
Journal ISSN
Volume Title
Publisher
Springer
Impact
Google Scholar
Export
Research Projects
Organizational Units
Journal Issue
Abstract
Advanced persistent threats (APTs) have rocketed over the last years. Unfortunately, their technical characterization is incomplete—it is still unclear if they are advanced usages of regular malware or a different form of malware. This is key to develop an effective cyberdefense. To address this issue, in this paper we analyze the techniques and tactics at stake for both regular and APT-linked malware. To enable reproducibility, our approach leverages only publicly available datasets and analysis tools. Our study involves 11,651 regular malware and 4686 APT-linked ones. Results show that both sets are not only statistically different, but can be automatically classified with F1 > 0.8 in most cases. Indeed, 8 tactics reach F1 > 0.9. Beyond the differences in techniques and tactics, our analysis shows thats actors behind APTs exhibit higher technical competence than those from non-APT malwares.
Description
Keywords
advanced persistent threat, apts, malware, mitre att and ck
Bibliographic citation
González-Manzano, L., de Fuentes, J.M., Lombardi, F. et al. A technical characterization of APTs by leveraging public resources. Int. J. Inf. Secur. 22, 1567–1584 (2023). https://doi.org/10.1007/s10207-023-00706-x
Collections
DI - COSEC - Artículos de Revistas
OpenAIRE: Open Access Infrastructure for Research in Europe