Semantics-aware detection of targeted attacks: a survey


Bibliographic Details
Published in: Journal of Computer Virology and Hacking Techniques, Vol. 13, no. 1, pp. 47-85
Main Authors: Luh, Robert; Marschalek, Stefan; Kaiser, Manfred; Janicke, Helge; Schrittwieser, Sebastian
Format: Journal Article
Language: English
Published: Paris, Springer Paris, 01.02.2017 (Springer Nature B.V.)
ISSN: 2263-8733
DOI: 10.1007/s11416-016-0273-3

Summary: In today’s interconnected digital world, targeted attacks have become a serious threat to conventional computer systems and critical infrastructure alike. Many researchers contribute to the fight against network intrusions or malicious software by proposing novel detection systems or analysis methods. However, few of these solutions have a particular focus on Advanced Persistent Threats or similarly sophisticated multi-stage attacks. This turns finding domain-appropriate methodologies or developing new approaches into a major research challenge. To overcome these obstacles, we present a structured review of semantics-aware works that have a high potential for contributing to the analysis or detection of targeted attacks. We introduce a detailed literature evaluation schema in addition to a highly granular model for article categorization. Out of 123 identified papers, 60 were found to be relevant in the context of this study. The selected articles are comprehensively reviewed and assessed in accordance with Kitchenham’s guidelines for systematic literature reviews. In conclusion, we combine new insights and the status quo of current research into the concept of an ideal systemic approach capable of semantically processing and evaluating information from different observation points.