System-Level Behavior Analysis for Detecting Advanced Persistent Threats (APTs)
Khaja Kamaluddin
European Journal of Technology, 2020, vol. 4, issue 2, 1-17
Abstract:
Purpose: Advanced Persistent Threats (APTs) pose a serious cybersecurity challenge because of their stealth and long dwell time inside a victim network. Most organizations have relied heavily on signature-based detection, which is effective against known malware but often fails to detect novel, targeted, or user-specific threats for which no signature exists. This study investigates system-level behavioral analysis as a dynamic alternative for detecting APTs, shifting the focus from static indicators to the real-time behavior of processes and applications as they interact with the operating system. It emphasizes identifying abnormal activity such as atypical system call usage, unauthorized process creation, memory injection, and unexpected modifications to the registry or file system.
Materials and Methods: The research outlines several practical tools and methods for capturing behavioral data, including system call monitoring with strace and Sysmon, process and memory analysis with Process Monitor and Volatility, and registry inspection with Autoruns and Rekall. Although these techniques lack automation and often require significant technical expertise, they offer valuable insight into threats that evade conventional antivirus solutions.
Findings: The study acknowledges the challenges of high false-positive rates, manual rule creation, and limited scalability, but underscores the critical role these techniques play in laying the groundwork for modern cybersecurity practice.
Unique Contribution to Theory, Practice and Policy: Based on these findings, the study recommends integrating behavioral detection capabilities into advanced, automated platforms that leverage machine learning and cloud-based analytics. It advocates a behavior-first approach that prioritizes system-wide visibility and proactive threat hunting over reactive signature matching. These recommendations aim to inform the development of AI-driven security solutions capable of detecting complex, evasive threats such as APTs in real time and at scale.
Date: 2020
Download: https://ajpojournals.org/journals/index.php/EJT/article/view/2724 (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:bfy:ojtejt:v:4:y:2020:i:2:p:1-17:id:2724
More articles in European Journal of Technology from AJPO Journals Limited