11 June 2024 14h00-14h30
Georgi Nikolov
With the rapid growth of the Internet, network infrastructures need to keep pace and develop their cyber security awareness through the use of different Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). These systems are often dependent on signature-based detection and on the availability of signatures generated from previously detected attacks, but they lack the capability to detect previously unknown threats. A major push has been made to develop new detection mechanisms that enhance cyber situation awareness, more precisely detection based on anomaly and behavior-based analysis.
The Multi-agent System for Advanced Persistent Threat Detection (MASFAD) offers a possible solution by focusing on anomaly and behavior-based analysis. The goal of the framework is to work in parallel with existing detection tools, offering a larger detection surface by catching threats that might escape typical IDS and IPS technologies. Much work in the field of malware detection has gone into finding ways to detect threats based on their characteristics, for example by analyzing malware characteristics extracted from network traffic. The MASFAD framework follows the same approach: by identifying key characteristics present in the majority of Advanced Persistent Threats (APTs), it aims to detect threats with a high percentage of true positives while reducing the amount of false detections.
In this talk, we will present the MASFAD framework, explaining how a behavior-based approach to APT detection can bolster our defenses against malicious actors. We will also discuss how such systems can help strengthen the Cyber Situation Awareness of users for the faster and more precise identification of suspicious and malicious activity.