Using Large Scale Distributed Computing to Unveil Advanced Persistent Threats

2012 
Alongside the large set of established malware categories such as worms and Trojan horses, the Advanced Persistent Threat (APT) is a more sophisticated and highly targeted form of attack emerging in the cyber threat landscape. In this paper we propose a model of the APT detection problem, together with a methodology for implementing it on a generic organization network. The method closely monitors the possible targets and uses a large-scale distributed computing framework, such as MapReduce, to consider all possible events and to process all the possible contexts in which the attack could take place. Our results show that this approach is feasible for processing very large data sets and is flexible enough to accommodate any context-processing algorithm, including ones that detect sophisticated attacks such as APTs.