An Empirical Assessment of Endpoint Security Systems Against Advanced Persistent Threats Attack Vectors

  • George Karantzas, Constantinos Patsakis
Advanced persistent threats pose a significant challenge for blue teams because they apply diverse attacks over prolonged periods, impeding event correlation and detection. In this work, we use a diverse set of attack scenarios to assess the efficacy of EDRs in detecting and preventing APTs. Our results indicate that there is still a lot of room for improvement, as state-of-the-art EDRs fail to prevent and log the bulk of the attacks reported in this work. Additionally, we… 
3 Citations
Endpoint detection and response using machine learning
  • Harmionee Kaur, Richa Tiwari
  • Physics
    Journal of Physics: Conference Series
  • 2021
The need for cybersecurity has increased manifold over the past decade due to an unprecedented shift towards digital. With the increase in the number and sophistication of threats, cybersecurity


A Study on Advanced Persistent Threats
The results of a comprehensive study on Advanced Persistent Threats are presented, characterizing their distinguishing features and attack model, and analyzing techniques commonly seen in APT attacks.
A Survey on Advanced Persistent Threats: Techniques, Solutions, Challenges, and Research Opportunities
This survey paper brings together the methods and techniques that can be used to detect the different stages of APT attacks, the learning methods that need to be applied, and where to apply them to make the threat detection framework smart and hard to evade for adaptive APT attackers.
A Context-Based Detection Framework for Advanced Persistent Threats
  • P. Giura, W. Wang
  • Engineering, Computer Science
    2012 International Conference on Cyber Security
  • 2012
This paper proposes a model of the APT detection problem as well as a methodology to implement it on a generic organization network and is the first to address the problem of modeling an APT and to provide a possible detection framework.
Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
The evolution of advanced persistent threats necessitates an intelligence-based model because in this model the defenders mitigate not just vulnerability, but the threat component of risk, too.
TerminAPTor: Highlighting Advanced Persistent Threats through Information Flow Tracking
TerminAPTor is described, an APT detector that highlights the traces left by attackers in the monitored system during the different stages of an attack campaign, and the paper shows that information flow tracking (IFT) can be used to highlight APTs.
Security threats to critical infrastructure: the human factor
This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, among others.
The problem with (most) network detection and response
Many NDR systems are more akin to intrusion detection and prevention systems, anchored to rules or signatures, sending out alerts based on simple pattern-matching, which means machine learning can play a critical role, says Mike Campfield of ExtraHop.
Fileless attacks: compromising targets without malware
When a computer is compromised, one of the first things a security or forensic specialist will look for is software that shouldn't be there. Many forms of attack involve malicious software, sometimes
Tactical Provenance Analysis for Endpoint Detection and Response Systems
An effort to bring the benefits of data provenance to commercial EDR tools by introducing the notion of Tactical Provenance Graphs (TPGs) that, rather than encoding low-level system event dependencies, reason about causal dependencies between EDR-generated threat alerts.
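The two ideas summarized above (TerminAPTor's information flow tracking and the Tactical Provenance Graph, which reasons over EDR alerts instead of raw events) can be illustrated with a small correlator. The following is an added example written for this page; it is not code from either paper. It assumes constructed EDR telemetry (hypothetical process, file and network events with hypothetical alert labels), builds a low-level provenance graph from process lineage and file write-then-read flows, collapses it to alert-to-alert causal edges, and groups alerts into campaigns. The rule names and event schema are assumptions, not any vendor's format.

```python
from collections import defaultdict

# Constructed sample EDR telemetry, in chronological order (not real product output).
# pid/ppid are process ids; "alert" marks events a hypothetical EDR rule flagged.
EVENTS = [
    {"id": 1, "type": "process_create", "pid": 100, "ppid": 1, "image": "outlook.exe"},
    {"id": 2, "type": "process_create", "pid": 200, "ppid": 100, "image": "winword.exe"},
    {"id": 3, "type": "process_create", "pid": 300, "ppid": 200, "image": "powershell.exe",
     "alert": "office-spawns-shell"},
    {"id": 4, "type": "file_write", "pid": 300, "path": r"C:\Users\u\AppData\Local\Temp\stage.dll"},
    {"id": 5, "type": "process_create", "pid": 400, "ppid": 300, "image": "rundll32.exe",
     "alert": "rundll32-from-temp"},
    {"id": 6, "type": "file_read", "pid": 400, "path": r"C:\Users\u\AppData\Local\Temp\stage.dll"},
    {"id": 7, "type": "network_connect", "pid": 400, "dest": "198.51.100.7:443",
     "alert": "rare-destination"},
    {"id": 8, "type": "process_create", "pid": 500, "ppid": 1, "image": "svchost.exe"},
    {"id": 9, "type": "network_connect", "pid": 500, "dest": "203.0.113.9:443",
     "alert": "rare-destination"},
]


def build_provenance(events):
    """Low-level provenance graph: pid -> set of pids it causally influenced.

    Two flow kinds are tracked: parent -> child process creation, and
    writer -> reader through a file (information flow in the IFT sense).
    Events must be in chronological order so writes precede the reads they taint.
    """
    succ = defaultdict(set)
    writers = defaultdict(set)  # path -> pids that wrote it so far
    for ev in events:
        if ev["type"] == "process_create":
            succ[ev["ppid"]].add(ev["pid"])
        elif ev["type"] == "file_write":
            writers[ev["path"]].add(ev["pid"])
        elif ev["type"] == "file_read":
            for w in writers[ev["path"]]:
                if w != ev["pid"]:
                    succ[w].add(ev["pid"])
    return succ


def reachable(succ, start):
    """All pids causally downstream of `start` (DFS over the provenance graph)."""
    seen, stack = set(), [start]
    while stack:
        n = stack.pop()
        for m in succ[n]:
            if m not in seen:
                seen.add(m)
                stack.append(m)
    return seen


def tactical_provenance_graph(events):
    """Collapse the event graph to alerts only.

    Edge (a, b) means alert b fired in a process that is causally downstream of
    alert a's process, or in the same process at a later time.
    """
    succ = build_provenance(events)
    alerts = [ev for ev in events if "alert" in ev]
    edges = set()
    for a in alerts:
        downstream = reachable(succ, a["pid"])
        for b in alerts:
            if b is a:
                continue
            same_proc_later = b["pid"] == a["pid"] and b["id"] > a["id"]
            if same_proc_later or b["pid"] in downstream:
                edges.add((a["id"], b["id"]))
    return alerts, edges


def alert_campaigns(events):
    """Group alerts into weakly connected components of the tactical graph.

    A component with several alerts is one causally linked chain worth triaging
    together; a singleton is an alert with no provenance link to any other.
    """
    alerts, edges = tactical_provenance_graph(events)
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    seen, campaigns = set(), []
    for a in alerts:
        if a["id"] in seen:
            continue
        comp, stack = set(), [a["id"]]
        while stack:
            n = stack.pop()
            if n in comp:
                continue
            comp.add(n)
            stack.extend(adj[n])
        seen |= comp
        campaigns.append(sorted(comp))
    return campaigns


if __name__ == "__main__":
    for chain in alert_campaigns(EVENTS):
        print("campaign:", chain)
```

On the sample input the three alerts on the Word-to-PowerShell-to-rundll32 lineage form one campaign (the rundll32 alert is linked both by parent/child and by the DLL that PowerShell wrote and rundll32 read), while the svchost connection stays a singleton. The point, as in the TPG paper, is that an analyst sees three edges between alerts rather than the nine underlying events.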
Resurrecting anti-virtualization and anti-debugging: Unhooking your hooks
This work illustrates how the Windows architecture impedes debuggers when they analyse armoured binaries, and presents a new framework, ANTI, which automates the integration of anti-debugging and anti-VM techniques into a binary.