Advanced Persistent Threat: New analysis driven by life cycle phases and their challenges

Disguised executable files in spear-phishing emails: Detecting the point of entry in advanced persistent threat

10.7287/peerj.preprints.2998v1 ◽

2017 ◽

Cited By ~ 1

Author(s):

Ibrahim Ghafir ◽

Mohammad Hammoudeh ◽

Vaclav Prenosil

Keyword(s):

Life Cycle ◽

Cyber Attacks ◽

Advanced Persistent Threat ◽

Point Of Entry ◽

Executable File ◽

Common Technique ◽

Mime Type

Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over the connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.

Download Full-text

Defending against the advanced persistent threat: Detection of disguised executable files

10.7287/peerj.preprints.2998 ◽

2018 ◽

Author(s):

Ibrahim Ghafir ◽

Mohammad Hammoudeh ◽

Vaclav Prenosil

Keyword(s):

Life Cycle ◽

Cyber Attacks ◽

Threat Detection ◽

Advanced Persistent Threat ◽

Point Of Entry ◽

Executable File ◽

Common Technique ◽

Mime Type

Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over the connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.

Download Full-text

Defending against the advanced persistent threat: Detection of disguised executable files

10.7287/peerj.preprints.2998v2 ◽

2018 ◽

Author(s):

Ibrahim Ghafir ◽

Mohammad Hammoudeh ◽

Vaclav Prenosil

Keyword(s):

Life Cycle ◽

Cyber Attacks ◽

Threat Detection ◽

Advanced Persistent Threat ◽

Point Of Entry ◽

Executable File ◽

Common Technique ◽

Mime Type

Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over the connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.

Download Full-text

A New Proposal on the Advanced Persistent Threat: A Survey

Applied Sciences ◽

10.3390/app10113874 ◽

2020 ◽

Vol 10 (11) ◽

pp. 3874

Author(s):

Santiago Quintero-Bonilla ◽

Angel Martín del Rey

Keyword(s):

Machine Learning ◽

Life Cycle ◽

Early Detection ◽

Machine Learning Techniques ◽

Cyber Attack ◽

New Approach ◽

Advanced Persistent Threat ◽

Learning Techniques ◽

Proposed Model ◽

Mitigation Techniques

An advanced persistent threat (APT) can be defined as a targeted and very sophisticated cyber attack. IT administrators need tools that allow for the early detection of these attacks. Several approaches have been proposed to provide solutions to this problem based on the attack life cycle. Recently, machine learning techniques have been implemented in these approaches to improve the problem of detection. This paper aims to propose a new approach to APT detection, using machine learning techniques, and is based on the life cycle of an APT attack. The proposed model is organised into two passive stages and three active stages to adapt the mitigation techniques based on machine learning.

Download Full-text

Ultrastructural analysis of “Sensory” surface nerve endings and “putative” neurotransmitter sites in Schistosoma mansoni Miracidia

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100156791 ◽

1989 ◽

Vol 47 ◽

pp. 962-963

Author(s):

Betty Ruth Jones ◽

Steve Chi-Tang Pan

Keyword(s):

Nervous System ◽

Life Cycle ◽

Schistosoma Mansoni ◽

Snail Host ◽

Complex Life Cycle ◽

Rational Approach ◽

Effective Control ◽

The Social ◽

Social And Economic Development ◽

Basic Biology

INTRODUCTION: Schistosomiasis has been described as “one of the most devastating diseases of mankind, second only to malaria in its deleterious effects on the social and economic development of populations in many warm areas of the world.” The disease is worldwide and is probably spreading faster and becoming more intense than the overall research efforts designed to provide the basis for countering it. Moreover, there are indications that the development of water resources and the demands for increasing cultivation and food in developing countries may prevent adequate control of the disease and thus the number of infections are increasing.Our knowledge of the basic biology of the parasites causing the disease is far from adequate. Such knowledge is essential if we are to develop a rational approach to the effective control of human schistosomiasis. The miracidium is the first infective stage in the complex life cycle of schistosomes. The future of the entire life cycle depends on the capacity and ability of this organism to locate and enter a suitable snail host for further development, Little is known about the nervous system of the miracidium of Schistosoma mansoni and of other trematodes. Studies indicate that miracidia contain a well developed and complex nervous system that may aid the larvae in locating and entering a susceptible snail host (Wilson, 1970; Brooker, 1972; Chernin, 1974; Pan, 1980; Mehlhorn, 1988; and Jones, 1987-1988).

Download Full-text

A freeze-fracture-etched study of the physarum polycephalum plasma membrane during early formation of the macroplasmodial stage

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100147570 ◽

1993 ◽

Vol 51 ◽

pp. 346-347

Author(s):

Randolph W. Taylor ◽

Henrie Treadwell

Keyword(s):

Plasma Membrane ◽

Life Cycle ◽

Growth Phase ◽

Filter Paper ◽

Physarum Polycephalum ◽

Freeze Fracture ◽

Petri Dish ◽

Wire Screen ◽

Wide Mouth ◽

Sterile Filter

The plasma membrane of the Slime Mold, Physarum polycephalum, process unique morphological distinctions at different stages of the life cycle. Investigations of the plasma membrane of P. polycephalum, particularly, the arrangements of the intramembranous particles has provided useful information concerning possible changes occurring in higher organisms. In this report Freeze-fracture-etched techniques were used to investigate 3 hours post-fusion of the macroplasmodia stage of the P. polycephalum plasma membrane.Microplasmodia of Physarum polycephalum (M3C), axenically maintained, were collected in mid-expotential growth phase by centrifugation. Aliquots of microplasmodia were spread in 3 cm circles with a wide mouth pipette onto sterile filter paper which was supported on a wire screen contained in a petri dish. The cells were starved for 2 hrs at 24°C. After starvation, the cells were feed semidefined medium supplemented with hemin and incubated at 24°C. Three hours after incubation, samples were collected randomly from the petri plates, placed in plancettes and frozen with a propane-nitrogen jet freezer.

Download Full-text