Table 11 APT scenarios in generated dataset

From: Big knowledge-based semantic correlation for detecting slow and low-level advanced persistent threats

The three columns Multi-step, Low-level and Slow together form the "Attack type" group of the original table.

| # | Adapted from | Multi-step | Low-level | Slow | Propagation channels | Purpose of function | Attack duration | Special feature |
|---|---|---|---|---|---|---|---|---|
| 1 | Project Sauron APT [20] | ✓ | ✓ | ✓ | Internet and USB device | Sabotage | 7 months | Bypass air-gapped network |
| 2 | Flame APT [62] | ✓ | ✓ | ✓ (very slow) | Internet | Data theft | 11 months | Low-level data exfiltration |
| 3 | Shamoon [63] and StoneDrill [64] APT | ✓ | ✓ | ✓ | Internet and LAN spreading | Data wiping | 5 months | Code injection |
| 4 | WannaCry APT [65] | ✓ | ✓ | | Internet | Ransomware | 1 day | Exploits |
| 5 | Cloud Atlas [66] and Red October [67] APT | ✓ | ✓ | ✓ (very slow) | Internet and USB device | Data theft | 15 months | Exploits, social engineering |
| 6 | Cloud Atlas [66] and Red October [67] APT | ✓ | ✓ | | Internet and USB device | Data theft | 1 month | Exploits, social engineering |
| 7 | Poseidon APT [68] | ✓ | ✓ | | Internet | Remote control | 1 month | Backdoor and code injection |
| 8 | Dark Hotel [69] | ✓ | ✓ | ✓ (very slow) | Internet | Surveillance | 14 months | Stolen digital certificates |
| 9 | Dark Hotel [69] | ✓ | ✓ | ✓ | Internet | Surveillance | 9 months | Stolen digital certificates |