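@comment{Master's thesis record, DTU Compute, 2015. The entry opener was a
  garbled "\{" and has been restored to a plain brace; field values are
  braced rather than quoted, author names use the unambiguous "Last, First"
  form, and the ASCII-only escape {\o} is kept so classic BibTeX sorts the
  first surname as one letter. The empty "type" field was dropped because
  BibTeX warns on empty fields, and the department e-mail that sat in
  "address" was moved to an ignored annotation field so the postal address
  stays a pure location. Fields BibTeX does not know (internal-note,
  institution-contact) are silently ignored by styles and serve only as
  reviewer annotations.}

@mastersthesis{IMM2015-07057,
  author              = {Herl{\o}w, L. and Hansen, S. J.},
  title               = {Detection and Prevention of Advanced Persistent Threats -- Evaluating and testing {APT} lifecycle models using real world examples and preventing attacks through the use of mitigation strategies and current best-practices},
  school              = {Technical University of Denmark, Department of Applied Mathematics and Computer Science},
  address             = {Richard Petersens Plads, Building 324, DK-2800 Kgs. Lyngby, Denmark},
  year                = {2015},
  note                = {{DTU} supervisor: Christian D. Jensen, cdje@dtu.dk, {DTU} Compute},
  url                 = {http://www.compute.dtu.dk/english},
  abstract            = {Because of the recent discovery of several new Advanced Persistent Threats (APTs), it is becoming more and more important to understand the why and the how they operate, in order to effectively mitigate attacks. The purpose of this thesis is to analyze the characteristics of APTs, compare different life-cycle models to each other and evaluate how real world {APT} attacks, like Energetic Bear/Crouching Yeti, Regin, Equation, APT1 and Duqu 2.0, fit the model. This is done in order to show the validity of the chosen model and to use said model as a basis for a practical attack example that demonstrates concrete techniques and tools used by APTs. By correlating attack vectors against known best-practices and mitigation strategies we find that no single technology or technique will guarantee safety from APTs and that an active continuous approach to defense is the way forward.},
  institution-contact = {compute@compute.dtu.dk},
  internal-note       = {The url field points at the department homepage, not at the thesis document itself -- TODO confirm and replace with the thesis URL or DOI if one exists. Given names are recorded as initials only in the source record; expand if the full names can be confirmed.},
}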