Building a multi-agent system for APT detection

Intrusion Detection

SIC/12

Finished

Defence Funded Research

August 2014 August 2018

49 months

Georgi Nikolov

The threats, faced by government and military networks, have increased in such a way that regular perimeter defense and endpoint security solutions are no longer sufficient. Sooner or later one or more hosts in our networks will be the victim of a targeted attack and therefore it is essential that we have the capability of detecting these compromised hosts as quickly as possible so we can limit the impact of the incident.

In this study we will develop a prototype system that combines detection algorithms, found in scientific literature, with new detection algorithms, developed in the context of the study. The detectors, as well as the algorithms that aggregate the evidence provided by the individual detectors, will implement domain knowledge provided by network security specialists.

Furthermore, the system will not decide by itself which connections are suspicious and which are not. It will rather incorporate a human expert in the decision loop and provide the expert with a visual tool for exploring the available data, guided by the outputs of the detectors.

MASFAD 2 at EDA CapTech Cyber

APT Detection MASFAD

Today we are proud to present the Multi-Agent System for APT Detection project (MASFAD 2) at the first meeting of the Capability Technology Area Cyber (CapTech Cyber) of the European Defense Agency (EDA).

Read
Webinar RMA

Blockchain APT Detection

A few weeks ago, we had the opportunity to present a short webinar on two topics currently under research in our department:

Read
What is Situation Awareness?

Intrusion Detection Visual Analytics APT Detection

The constant stream of data produced daily, the complicated environment and the need for quick reaction to malicious attacks make the life of cyber defense analyst a living nightmare. Many wonder how are we supposed to be able to review the gigabytes of logs produced daily, how can we manage to analyze them all and extract valuable insight into what is happening in the network?

Read
MITRE ATT&CK and the ATT&CK Matrix

Tools Offensive Security APT Detection

Defining cyber attacks is a difficult task. They vary in origins, goals and, at first glance, the techniques used might seem very different. Luckily a popular model was defined by Lockheed Martin, still used to this day, which illustrates very well the lifecycle of a typical cyber attack. The Cyber Kill Chain, popular but controversial, defines the 7 principal steps of an attack. There have been many advances, since its original conception, one o...

Read
This website uses cookies. More information about the use of cookies is available in the cookies policy.
Accept