Detection of advanced persistent threats using SIEM rulesets
| dc.contributor.author | Şimşek, Adem | |
| dc.contributor.author | Koltuksuz, Ahmet Hasan | |
| dc.date.accessioned | 2024-08-20T20:25:45Z | |
| dc.date.available | 2024-08-20T20:25:45Z | |
| dc.date.issued | 2023 | |
| dc.department | Antalya Belek Üniversitesi | en_US |
| dc.description.abstract | Cyber-attacks move towards a sophisticated, destructive, and persistent position, as in the case of Stuxnet, Dark Hotel, Poseidon, and Carbanak. These attacks are called Advanced Persistent Threats (APTs), in which an intruder establishes an undetected presence in a network to steal sensitive data over a prolonged period. APT attacks threaten the main critical areas of today's digitalized life. This threat covers critical infrastructures, finance, energy, and aviation agencies. One of the most significant APT attacks was Stuxnet, which targeted the software controlling the programmable logic controllers (PLCs) that are, in turn, used to automate machine processes. The other one was the Deep Panda attack discovered in 2015, which compromised over 4 million US personnel records because of the ongoing cyberwar between China and the US. This paper explains the difficulties of detecting APTs and examines some of the research in this area. In addition, we also present a new approach to detecting APTs using the Security Information and Event Management (SIEM) solution. In this approach, we recommend establishing APT rulesets in SIEM solutions using the indicators left behind by the attacks. The three basic indicator types are considered in the rulesets and are examined in detail. | en_US |
| dc.identifier.doi | 10.46519/ij3dptdi.1353341 | |
| dc.identifier.endpage | 477 | en_US |
| dc.identifier.issn | 2602-3350 | |
| dc.identifier.issue | 3 | en_US |
| dc.identifier.startpage | 471 | en_US |
| dc.identifier.trdizinid | 1217898 | en_US |
| dc.identifier.uri | https://doi.org/10.46519/ij3dptdi.1353341 | |
| dc.identifier.uri | https://search.trdizin.gov.tr/tr/yayin/detay/1217898 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.14591/81 | |
| dc.identifier.volume | 7 | en_US |
| dc.indekslendigikaynak | TR-Dizin | en_US |
| dc.language.iso | en | en_US |
| dc.relation.ispartof | International Journal of 3D Printing Technologies and Digital Industry | en_US |
| dc.relation.publicationcategory | Makale - Ulusal Hakemli Dergi - Kurum Öğretim Elemanı | en_US |
| dc.rights | info:eu-repo/semantics/openAccess | en_US |
| dc.subject | Cyber Security | en_US |
| dc.subject | Cyber War | en_US |
| dc.subject | APT | en_US |
| dc.subject | SIEM | en_US |
| dc.subject | Intrusion Detection System | en_US |
| dc.title | Detection of advanced persistent threats using SIEM rulesets | en_US |
| dc.type | Article | en_US |
Files
Original bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- adem-simsek.pdf
- Size:
- 613.46 KB
- Format:
- Adobe Portable Document Format
