Publication:
A technical characterization of APTs by leveraging public resources

dc.affiliation.dpto: UC3M. Departamento de Informática
dc.affiliation.grupoinv: UC3M. Grupo de Investigación: COSEC (Computer SECurity Lab)
dc.contributor.author: González Manzano, Lorena
dc.contributor.author: Fuentes García-Romero de Tejada, José María de
dc.contributor.author: Lombardi, Flavio
dc.contributor.author: Ramos, Cristina
dc.contributor.funder: Comunidad de Madrid
dc.contributor.funder: European Commission
dc.contributor.funder: Ministerio de Ciencia e Innovación (España)
dc.contributor.funder: Universidad Carlos III de Madrid
dc.date.accessioned: 2023-11-16T10:34:25Z
dc.date.available: 2023-11-16T10:34:25Z
dc.date.issued: 2023-06-15
dc.description.abstract: Advanced persistent threats (APTs) have rocketed over the last years. Unfortunately, their technical characterization is incomplete: it is still unclear whether they are advanced usages of regular malware or a different form of malware. This is key to developing an effective cyberdefense. To address this issue, in this paper we analyze the techniques and tactics at stake for both regular and APT-linked malware. To enable reproducibility, our approach leverages only publicly available datasets and analysis tools. Our study involves 11,651 regular malware samples and 4686 APT-linked ones. Results show that both sets are not only statistically different, but can be automatically classified with F1 > 0.8 in most cases. Indeed, 8 tactics reach F1 > 0.9. Beyond the differences in techniques and tactics, our analysis shows that the actors behind APTs exhibit higher technical competence than those behind non-APT malware.
dc.description.sponsorship: This work has been partially supported by grant DEPROFAKE-CM-UC3M funded by UC3M and the Government of Madrid (CAM); by CAM through Project CYNAMON, Grant No. P2018/TCS-4566-CM, co-funded with ERDF; by the Ministry of Science and Innovation of Spain through grant PID2019-111429RB-C21; by the TRUSTaWARE Project, EU HORIZON 2020 Research and Innovation Programme GA No 101021377, trustaware.eu; and by the TAILOR Project, EU HORIZON 2020 Research and Innovation Programme GA No 952215, tailor-network.eu. Funding for APC: Universidad Carlos III de Madrid (Read & Publish Agreement CRUE-CSIC 2023).
dc.identifier.bibliographicCitation: González-Manzano, L., de Fuentes, J.M., Lombardi, F. et al. A technical characterization of APTs by leveraging public resources. Int. J. Inf. Secur. 22, 1567–1584 (2023). https://doi.org/10.1007/s10207-023-00706-x
dc.identifier.doi: https://doi.org/10.1007/s10207-023-00706-x
dc.identifier.issn: 1615-5262
dc.identifier.publicationfirstpage: 1567
dc.identifier.publicationlastpage: 1584
dc.identifier.publicationtitle: International Journal of Information Security
dc.identifier.publicationvolume: 22
dc.identifier.uri: https://hdl.handle.net/10016/38885
dc.identifier.uxxi: AR/0000033131
dc.language.iso: eng
dc.publisher: Springer
dc.relation.projectID: Comunidad de Madrid. S2018/TCS-4566
dc.relation.projectID: Gobierno de España. PID2019-111429RB-C21
dc.relation.projectID: info:eu-repo/grantAgreement/EC/101021377
dc.relation.projectID: Comunidad de Madrid. DEPROFAKE-CM-UC3M
dc.rights: © 2023, The Author(s)
dc.rights: Attribution 3.0 Spain
dc.rights.accessRights: open access
dc.rights.uri: http://creativecommons.org/licenses/by/3.0/es/
dc.subject.eciencia: Computer Science
dc.subject.other: advanced persistent threat
dc.subject.other: apts
dc.subject.other: malware
dc.subject.other: mitre att&ck
dc.title: A technical characterization of APTs by leveraging public resources
dc.type: research article
dc.type.hasVersion: VoR
dspace.entity.type: Publication
Files
Original bundle
Name: technical_IJIS_2023.pdf
Size: 1.1 MB
Format: Adobe Portable Document Format