Skip to main content

Research Repository

Advanced Search

Framework for detecting APTs based on steps analysis and correlation.

Eke, Hope Nkiruka; Petrovski, Andrei; Ahriz, Hatem; Al-Kadri, M. Omar


Andrei Petrovski

M. Omar Al-Kadri


Masoud Abbaszadeh

Ali Zemouche


An advanced persistent threatAdvanced persistent threat, (APTAPT), is an attack that uses multiple attack behavior to penetrate a system, achieve specifically targeted and highly valuable goals within a system. This type of attack has presented an increasing concern for cyber-security and business continuity. The resource availability, integrity, and confidentiality of the operational cyber-physical systems' (CPS) state and control are highly impacted by the safety and security measures adopted. In this study, we propose a framework based on deep APT steps analysis and correlation, of APTs approach abbreviated as ``APT-DASACAPT-DASAC'', for securing industrial control systems (ICSs) against APTs. This approach takes into consideration the distributed and multi-level nature of ICS architecture and reflects on multi-step APT attack lifecycle. We validated the framework with three case studies: (i) network transactions between a remote terminal unit (RTU)Remote Terminal Unit (RTU) and a master control unit (MTU)Master Control Unit (MTU) within a supervisory control and data acquisition (SCADASCADA) gas pipeline control system, (ii) a case study of command and response injection attacks, and (iii) a scenario based on network traffic containing hybrid of the real modern normal and the contemporary synthesized attack activities of the network traffic. Based on the achieved result, we show that the proposed approach achieves a significant attack detection capability and demonstrates that attack detection techniques that performed very well in one application domain may not yield the same result in another. Hence, robustness and resilience of operational CPS state or any system and performance are determined by the security measures in place, which is specific to the application system and domain.


EKE, H.N., PETROVSKI, A., AHRIZ, H. and AL-KADRI, M.O. 2022. Framework for detecting APTs based on steps analysis and correlation. In Abbaszadeh, M. and Zemouche, A. (eds.) Security and resilience in cyber-physical systems: detection, estimation and control. Cham: Springer [online], chapter 6, pages 119-147. Available from:

Acceptance Date Aug 9, 2022
Online Publication Date Aug 9, 2022
Publication Date Dec 31, 2022
Deposit Date Aug 30, 2022
Publicly Available Date Aug 10, 2024
Publisher Springer
Pages 119-147
Book Title Security and resilience in cyber-physical systems: detection, estimation and control
Chapter Number Chapter 6
ISBN 9783030971656
Keywords Advanced persistent threat (APT); Multiple attack behavior; Cyber-security; Cyber-physical systems (CPS); Safety; Security
Public URL


This file is under embargo until Aug 10, 2024 due to copyright reasons.

Contact to request a copy for personal use.

You might also like

Downloadable Citations