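% Decepticon (SKM 2019): Hidden Markov Model based deception framework that uses
% indicators of compromise as observable features; evaluated with ransomware as the APT.
% Author/editor names are stored in plain "Last, First" form (the export's escaped
% braces are removed) and the DOI is stored bare, without LaTeX escaping.
% NOTE(review): address holds a country rather than the publisher's city, and the
% series volume number is absent; both kept as exported -- confirm against the
% publisher record before relying on them.
@inproceedings{6a372d499114425897d1f93466cd9693,
  author    = {Baksi, Rudra Prasad and Upadhyaya, Shambhu J.},
  title     = {{Decepticon}: A Hidden {Markov} Model Approach to Counter Advanced Persistent Threats},
  booktitle = {Secure Knowledge Management In Artificial Intelligence Era -- 8th International Conference, {SKM} 2019, Proceedings},
  editor    = {Sahay, Sanjay K. and Goel, Nihita and Patil, Vishwas and Jadliwala, Murtuza},
  series    = {Communications in Computer and Information Science},
  publisher = {Springer},
  address   = {Germany},
  pages     = {38--54},
  year      = {2020},
  doi       = {10.1007/978-981-15-3817-9_3},
  isbn      = {9789811538162},
  language  = {English},
  keywords  = {Advanced Persistent Threats (APT), Computer security, Cyber-security, Hidden Markov Model (HMM), Ransomware},
  abstract  = {Deception has been proposed in the literature as an effective defense mechanism to address Advanced Persistent Threats (APT). However, administering deception in a cost-effective manner requires a good understanding of the attack landscape. The attacks mounted by APT groups are highly diverse and sophisticated in nature and can render traditional signature based intrusion detection systems useless. This necessitates the development of behavior oriented defense mechanisms. In this paper, we develop Decepticon (Deception-based countermeasure) a Hidden Markov Model based framework where the indicators of compromise (IoC) are used as the observable features to aid in detection. This framework would help in selecting an appropriate deception script when faced with APTs or other similar malware and trigger an appropriate defensive response. The effectiveness of the model and the associated framework is demonstrated by considering ransomware as the offending APT in a networked system.},
  note      = {Publisher Copyright: {\textcopyright} Springer Nature Singapore Pte Ltd 2020.; 8th International Conference on Secure Knowledge Management in Artificial Intelligence Era, SKM 2019 ; Conference date: 21-12-2019 Through 22-12-2019},
}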