MLDS: Multi-Layer Defense System for Preventing Advanced Persistent Threats

• Published in: Symmetry (Basel) Vol. 6; no. 4; pp. 997 - 1010
• Main Authors: Moon, Daesung, Im, Hyungjin, Lee, Jae Dong, Park, Jong Hyuk
• Format: Journal Article
• Language: English
• Published: Basel MDPI AG 01.12.2014
• Subjects: APT attack; Blocking; Computer information security; defense in depth; End users; Intrusion; intrusion detection; Malware; multi-layer defense; Multilayers; Networks; Servers (computers)
• ISSN: 2073-8994; 2073-8994
• DOI: 10.3390/sym6040997

Here we report on the issue of Advanced Persistent Threats (APT), which use malware for the purpose of leaking the data of large corporations and government agencies. APT attacks target systems continuously by utilizing intelligent and complex technologies. To overthrow the elaborate security network of target systems, it conducts an attack after undergoing a pre-reconnaissance phase. An APT attack causes financial loss, information leakage, etc. They can easily bypass the antivirus system of a target system. In this paper, we propose a Multi-Layer Defense System (MLDS) that can defend against APT. This system applies a reinforced defense system by collecting and analyzing log information and various information from devices, by installing the agent on the network appliance, server and end-user. It also discusses how to detect an APT attack when one cannot block the initial intrusion while continuing to conduct other activities. Thus, this system is able to minimize the possibility of initial intrusion and damages of the system by promptly responding through rapid detection of an attack when the target system is attacked.