Dealing with Advanced Persistent Threats: Case Studies

23/9/21, 10.00-11.00am (AEST)

Speaker: Professor Wanlei Zhou, Vice Rector (Academic Affairs), Dean of Faculty of Data Science, City University of Macau

Abstract: Advanced persistent threat (APT) poses a great threat to modern organizations. An APT is a stealthy threat actor that gains unauthorized access to a computer network and remains undetected for an extended period. An APT attack has five stages: reconnaissance, establishing a foothold, lateral movement, exfiltration, and post-exfiltration. In order to mitigate the impact of an APT on an organization, defense measures should be imposed at all stages of the APT attack life cycle, and the compromised systems in the organization must be quarantined and recovered in a timely and effective way. In this talk we first introduce some background on advanced persistent threats, and then describe three case studies on dealing with APT attacks at various stages, including a counter-measure to defend against reconnaissance, a counter-measure to defend against lateral movement, and a counter-measure to customize a dynamic quarantine and recovery (QAR) scheme to minimize the APT impact. The talk is based on the following recently published papers from our group:

  • Lu-Xing Yang, Pengdeng Li, Xiaofan Yang, Yong Xiang, Frank Jiang and Wanlei Zhou: “Effective quarantine and recovery scheme against advanced persistent threat”. Accepted by IEEE Transactions on Systems, Man, and Cybernetics: Systems, early access:
  • Dayong Ye, Tianqing Zhu, Sheng Shen, Wanlei Zhou: “A Differentially Private Game Theoretic Approach for Deceiving Cyber Adversaries”. IEEE Transactions on Information Forensics and Security. 16: 569-584 (2021).
  • Lu-Xing Yang, Pengdeng Li, Yushu Zhang, Xiaofan Yang, Yong Xiang, Wanlei Zhou: “Effective Repair Strategy Against Advanced Persistent Threat: A Differential Game Approach”. IEEE Transactions on Information Forensics and Security. 14(7): 1713-1728 (2019).

Bio: Professor Wanlei Zhou is currently the Vice Rector (Academic Affairs) and Dean of the Faculty of Data Science, City University of Macau, Macao SAR, China. He received the B.Eng and M.Eng degrees from Harbin Institute of Technology, Harbin, China in 1982 and 1984, respectively, and the PhD degree from The Australian National University, Canberra, Australia, in 1991, all in Computer Science and Engineering. He also received a DSc degree (a higher doctorate) from Deakin University in 2002. Before joining City University of Macau, Professor Zhou held various positions including Head of the School of Computer Science at the University of Technology Sydney, Australia, and Alfred Deakin Professor, Chair of Information Technology, Associate Dean, and Head of the School of Information Technology at Deakin University, Australia. Professor Zhou also served as a lecturer at the University of Electronic Science and Technology of China; a system programmer at HP in Massachusetts, USA; a lecturer at Monash University, Melbourne, Australia; and a lecturer at the National University of Singapore, Singapore. His main research interests include security, privacy, and distributed computing. Professor Zhou has published more than 400 papers in refereed international journals and refereed international conference proceedings, including many articles in IEEE transactions and journals.