APIVADS: A Novel Privacy-Preserving Pivot Attack Detection Scheme Based On Statistical Pattern Recognition

Abstract

Advanced cyber attackers often 'pivot' through several devices in such complex infrastructure to obfuscate their footprints and overcome connectivity restrictions. However, prior pivot attack detection strategies present concerning limitations. This paper addresses an improvement of cyber defence with APIVADS, a novel adaptive pivoting detection scheme based on traffic flows to determine cyber adversaries' presence based on their pivoting behaviour in simple and complex interconnected networks. Additionally, APIVADS is agnostic regarding transport and application protocols. The scheme is optimized and tested to cover remotely connected locations beyond a corporate campus's perimeters. The scheme considers a hybrid approach between decentralized host-based detection of pivot attacks and a centralized approach to aggregate the results to achieve scalability. Empirical results from our experiments show the proposed scheme is efficient and feasible. For example, a 98.54% detection accuracy near real-time is achievable by APIVADS differentiating ongoing pivot attacks from regular enterprise traffic as TLS, HTTPS, DNS and P2P over the internet.

Publication DOI: https://doi.org/10.1109/tifs.2022.3146076
Divisions: College of Business and Social Sciences > Aston Business School > Cyber Security Innovation (CSI) Research Centre
College of Business and Social Sciences > Aston Business School > Operations & Information Management
Additional Information: Copyright © 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.” Funding Information: The work of Carsten Maple was supported in part by UKRI through the Academic Centre of Excellence in Cyber Security Research - University of Warwick under Grant EP/R007195/1, in part by The Alan Turing Institute under Grant EP/N510129/1, and in part by PETRAS, the National Centre of Excellence for IoT Systems Cybersecurity under Grant EP/S035362/1.
Uncontrolled Keywords: APT,lateral movement,network flow,pivot attack,privacy-preserving,Safety, Risk, Reliability and Quality,Computer Networks and Communications
Publication ISSN: 1556-6021
Last Modified: 18 Nov 2024 08:36
Date Deposited: 08 Feb 2023 12:43
Full Text Link:
Related URLs: https://ieeexpl ... ocument/9690881 (Publisher URL)
PURE Output Type: Article
Published Date: 2022-01-25
Accepted Date: 2022-01-10
Authors: Marques, Rafael Salema
Al-Khateeb, Haider (ORCID Profile 0000-0001-8944-123X)
Epiphaniou, Gregory
Maple, Carsten

Download

[img]

Version: Accepted Version

| Preview

Export / Share Citation


Statistics

Additional statistics for this record