Thesis Chapters by Mohamed Elmetaafy

The game of security cannot be won without understanding the rules of engagement. Long-term, sophisticated attacks target companies, governments and political activists, and such incidents occur across many industries. A new class of threat, the Advanced Persistent Threat (APT), has emerged and is described as cyber intrusions against military organisations. The term APT has been overloaded and means different things to different people: some use it to refer to attacks from China, while others consider all attacks to be part of the APT. The framework proposed in this dissertation allows the incident response team to detect APTs more efficiently and improves the team's knowledge of the phases of the attack by identifying and detecting the various indicators of the adversary's activity. The multistage framework can be described as multi-layer security built from several components. Layer 1 comprises antivirus, NIDS/HIDS, firewall, etc.; the logs produced by the layer 1 components are consumed by a SIEM in layer 2, which raises the corresponding alerts and warnings. The components of the framework are logging modules, SIEM, indicators, attack tree, kill chain and sandbox. The aim of this project is to determine whether a complex multistage framework limits or reduces the damage of a cyber attack, and whether it helps the incident response team to detect the APT. A case study was simulated to demonstrate the benefits and effectiveness of the new framework in limiting or reducing APT. Two groups were used to test and evaluate the framework: Group A used the simulation of the new framework, whilst Group B used the original method in the second simulation.
The results of the simulation show that the new framework succeeded in detecting the malicious files in all three attempts, which allowed these types of APT to be detected and mitigated by using different security solutions (SIEM, HIDS, NIDS and sandbox), while the traditional method, which used antivirus and antispyware, failed to detect or prevent the APT. The new framework therefore provides appropriate methods for detecting APT.
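To make the two-layer design concrete, the following is an added example (not code from the thesis or its case study) of the layer 2 role: a toy SIEM that ingests heterogeneous layer 1 logs (firewall, NIDS, HIDS, sandbox), maps each indicator to a kill chain phase, and alerts on a host only when several distinct phases are observed within a time window. Every log format, signature id, hostname, hash and threshold below is constructed for illustration and is not from the dissertation.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Kill chain phases in order; the SIEM reports which phases it holds evidence for.
KILL_CHAIN = ["reconnaissance", "delivery", "exploitation",
              "installation", "command_and_control", "actions_on_objectives"]

@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str      # victim host the evidence concerns
    source: str    # layer 1 component that produced the log line
    stage: str     # kill chain phase the indicator maps to
    detail: str

# Layer 1 log formats. All formats, field names and signature ids are constructed for this example.
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<sensor>fw\d+) DENY src=(?P<src>\S+) dst=(?P<host>\S+) dport=(?P<port>\d+)$")
NIDS_RE = re.compile(r'^(?P<ts>\S+) (?P<sensor>nids\d+) alert sid=(?P<sid>\d+) msg="(?P<msg>[^"]*)" host=(?P<host>\S+)$')
SANDBOX_RE = re.compile(r"^(?P<ts>\S+) (?P<sensor>sandbox\d+) verdict=(?P<verdict>\w+) sha256=(?P<sha>\w+) host=(?P<host>\S+)$")
HIDS_RE = re.compile(r"^(?P<ts>\S+) (?P<sensor>hids\d+) host=(?P<host>\S+) event=(?P<event>\w+)(?: (?P<rest>.*))?$")

NIDS_SID_STAGE = {"2001": "delivery", "2002": "command_and_control"}        # constructed signature ids
HIDS_EVENT_STAGE = {"new_service": "installation", "shadow_read": "actions_on_objectives"}
PORT_SCAN_THRESHOLD = 3   # distinct denied ports from one source before it counts as reconnaissance

def _ts(s):
    return datetime.fromisoformat(s)

def normalise(lines):
    """Ingestion step: turn raw layer 1 log lines into stage-tagged events."""
    events, scan_ports = [], defaultdict(set)
    for line in lines:
        if m := FW_RE.match(line):
            key = (m["src"], m["host"])
            scan_ports[key].add(m["port"])
            if len(scan_ports[key]) == PORT_SCAN_THRESHOLD:   # emit once, when the threshold is crossed
                events.append(Event(_ts(m["ts"]), m["host"], "firewall", "reconnaissance",
                                    f"{m['src']} probed {PORT_SCAN_THRESHOLD}+ ports"))
        elif m := NIDS_RE.match(line):
            if stage := NIDS_SID_STAGE.get(m["sid"]):
                events.append(Event(_ts(m["ts"]), m["host"], "nids", stage, m["msg"]))
        elif m := SANDBOX_RE.match(line):
            if m["verdict"] == "malicious":
                events.append(Event(_ts(m["ts"]), m["host"], "sandbox", "exploitation", f"sample {m['sha']}"))
        elif m := HIDS_RE.match(line):
            if stage := HIDS_EVENT_STAGE.get(m["event"]):
                events.append(Event(_ts(m["ts"]), m["host"], "hids", stage, m["event"]))
    return events

def correlate(events, window=timedelta(hours=2), min_stages=3):
    """Layer 2 rule: alert on a host where at least min_stages distinct phases occur within `window`."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_host[e.host].append(e)
    alerts = []
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            chain = [e for e in evs[i:] if e.ts - first.ts <= window]
            stages = [s for s in KILL_CHAIN if any(e.stage == s for e in chain)]
            if len(stages) >= min_stages:
                alerts.append({"host": host, "stages": stages,
                               "sources": sorted({e.source for e in chain}),
                               "first_seen": first.ts, "last_seen": chain[-1].ts})
                break   # one alert per host is enough for the analyst
    return alerts

# Constructed sample logs: one host progresses through five phases, another only produces noise.
SAMPLE_LOGS = [
    "2024-03-01T09:00:01 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T09:00:02 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=445",
    "2024-03-01T09:00:03 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389",
    '2024-03-01T09:05:10 nids01 alert sid=2001 msg="Macro-enabled document download" host=10.0.0.5',
    "2024-03-01T09:06:00 sandbox01 verdict=malicious sha256=PLACEHOLDER_HASH host=10.0.0.5",
    "2024-03-01T09:07:30 hids01 host=10.0.0.5 event=new_service name=updater",
    '2024-03-01T09:20:00 nids01 alert sid=2002 msg="Periodic beacon to uncategorised domain" host=10.0.0.5',
    "2024-03-01T09:21:00 fw01 DENY src=198.51.100.9 dst=10.0.0.8 dport=23",
    "2024-03-01T09:25:00 sandbox01 verdict=benign sha256=PLACEHOLDER_HASH2 host=10.0.0.8",
]

if __name__ == "__main__":
    for alert in correlate(normalise(SAMPLE_LOGS)):
        print(alert)
```

The point of the correlation rule is the one the abstract makes about layer 2: no single layer 1 product sees the whole intrusion, but the SIEM sees a firewall port-scan, a NIDS download signature, a sandbox verdict and a HIDS persistence event on the same host and can place them on the kill chain, whereas the second host's lone denied connection and benign sandbox verdict never reach the alert threshold.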