A Survey of APT Defence Techniques.

Authors :
Chitauro, Mercy
Muyingi, Hippolyte
John, Samuel
Chitauro, Shadreck
Source :
Proceedings of the International Conference on Cyber Warfare & Security; 2019, p46-55, 10p
Publication Year :
2019

Abstract

Since the discovery of Stuxnet in 2010, there have been a plethora of Advanced Persistent Threats (APT) that have been discovered in regular IT networks and in critical infrastructure such as Industrial Control Systems (ICS). ICS is a general term for different control systems like Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), Process Control Systems (PCS), and Smart grid. ICSs are used in mining industries, transportation systems, and for the distribution of water, natural gas, oil, electricity, and communications, in specialised facilities such as nuclear plants and for automating many other facilities. In a quest to find tangible solutions to the APT problem in information technology systems, many solutions have been designed to detect and protect against, as well as recover from APT. This paper endeavoured to survey the different techniques that have been designed to solve APT problems and their levels of success. This paper therefore discusses APT defence techniques. It is noted that many APTs use social engineering techniques to gain entry into systems; however, technical solutions are being developed to try and correct human errors that enable APTs to infiltrate ICS. Technical solutions include tweaking existing security controls, anomaly detection techniques and defence-in-depth techniques. The researchers believe that the defence-in-depth approach is the future of security and thus, suggest further improvements in defence-in-depth approaches by emulating the immune system which uses a layered defence mechanism to protect the human body from pathogens. Since the main research focused on APTs that are attacking ICS, a control system was set up to find the level of effectiveness of emulating immune system properties. This paper gives some preliminary results on how ICS which exhibit immune system properties perform better than those that do not. [ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
20489870
Database :
Complementary Index
Journal :
Proceedings of the International Conference on Cyber Warfare & Security
Publication Type :
Conference
Accession number :
135497790