Building a multi-agent system for APT detection

Intrusion Detection

SIC/12

Finished

Defence Funded Research

August 2014 – August 2018

49 months

Georgi Nikolov

The threats faced by government and military networks have grown to the point that conventional perimeter defenses and endpoint security solutions are no longer sufficient. Sooner or later one or more hosts in our networks will be the victim of a targeted attack, so it is essential that we are able to detect these compromised hosts as quickly as possible and limit the impact of the incident.

In this study we will develop a prototype system that combines detection algorithms found in the scientific literature with new detection algorithms developed in the context of the study. The detectors, as well as the algorithms that aggregate the evidence provided by the individual detectors, will implement domain knowledge provided by network security specialists.

Furthermore, the system will not decide by itself which connections are suspicious and which are not. It will rather incorporate a human expert in the decision loop and provide the expert with a visual tool for exploring the available data, guided by the outputs of the detectors.

MASFAD 2 at EDA CapTech Cyber

APT Detection MASFAD

Today we are proud to present the Multi-Agent System for APT Detection project (MASFAD 2) at the first meeting of the Capability Technology Area Cyber (CapTech Cyber) of the European Defense Agency (EDA).

Webinar RMA

Blockchain APT Detection

A few weeks ago, we had the opportunity to present a short webinar on two topics currently under research in our department:

What is Situation Awareness?

Intrusion Detection Visual Analytics APT Detection

The constant stream of data produced daily, the complex environment and the need to react quickly to malicious attacks make the life of a cyber defense analyst a living nightmare. Many wonder how we are supposed to review the gigabytes of logs produced every day, and how we can analyze them all and extract valuable insight into what is happening in the network.

MITRE ATT&CK and the ATT&CK Matrix

Tools Offensive Security APT Detection

Defining cyber attacks is a difficult task. They vary in origin and goals, and at first glance the techniques used might seem very different. Luckily, Lockheed Martin defined a popular model, still used to this day, that illustrates very well the lifecycle of a typical cyber attack. The Cyber Kill Chain, popular but controversial, defines the 7 principal steps of an attack. There have been many advances since its original conception, one of which is the widely acclaimed ATT&CK Matrix for Enterprise.
