Disguised executable files in spear-phishing emails: Detecting the point of entry in advanced persistent threat

2018 ◽
Author(s):  
Ibrahim Ghafir ◽  
Mohammad Hammoudeh ◽  
Vaclav Prenosil

Advanced Persistent Threat (APT) is one of the most serious types of cyber attack: a newer and more complex form of multi-step attack. Within the APT life cycle, the most common technique used to gain the point of entry is the spear-phishing email, which may carry disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised executable files transferred over network connections. The detection is based on a comparison between the MIME type of the transferred file and the type implied by its file name extension. The module was experimentally evaluated, and the results show successful detection of disguised executable files.
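The MIME-type-versus-extension comparison described in this abstract, as an added example that is not the DeFD module's own code: the content type is sniffed from the file's leading magic bytes and compared with the type a recipient would infer from the extension, and a file is flagged only when the content is an executable format that the extension does not admit. The signature table, the extension table and the sample transfers are constructed assumptions for this example.

```python
"""Added example (not the DeFD module's own code): flag a transferred file as a
disguised executable when the MIME type sniffed from its leading bytes is an
executable format but the MIME type implied by its file-name extension is not.
Signature and extension tables are assumptions for this example."""
import os
from typing import Dict, List, Optional, Tuple

# Magic-byte signatures of executable containers (assumed mapping to MIME types).
EXECUTABLE_SIGNATURES: List[Tuple[bytes, str]] = [
    (b"MZ", "application/x-msdownload"),                 # PE: .exe, .dll, .scr
    (b"\x7fELF", "application/x-executable"),            # ELF
    (b"\xcf\xfa\xed\xfe", "application/x-mach-binary"),  # Mach-O 64-bit, little-endian
    (b"\xfe\xed\xfa\xcf", "application/x-mach-binary"),  # Mach-O 64-bit, big-endian
    (b"\xca\xfe\xba\xbe", "application/x-mach-binary"),  # Mach-O universal (FAT)
]
EXECUTABLE_MIMES = {mime for _, mime in EXECUTABLE_SIGNATURES}

# Non-executable formats that phishing lures usually pretend to be.
OTHER_SIGNATURES: List[Tuple[bytes, str]] = [
    (b"%PDF-", "application/pdf"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"PK\x03\x04", "application/zip"),  # also .docx/.xlsx/.jar: see caveat below
]

# MIME type a recipient would infer from the extension (assumed table; a real
# deployment would use the sensor's own extension map).
EXTENSION_MIMES: Dict[str, str] = {
    ".exe": "application/x-msdownload", ".dll": "application/x-msdownload",
    ".scr": "application/x-msdownload", ".elf": "application/x-executable",
    ".pdf": "application/pdf", ".jpg": "image/jpeg", ".jpeg": "image/jpeg",
    ".png": "image/png", ".zip": "application/zip", ".txt": "text/plain",
    ".docx": "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
}

def sniff_mime(data: bytes) -> Optional[str]:
    """MIME type implied by the leading bytes of the content, or None if unknown."""
    for magic, mime in EXECUTABLE_SIGNATURES + OTHER_SIGNATURES:
        if data.startswith(magic):
            return mime
    return None

def check_file(filename: str, data: bytes) -> Dict[str, object]:
    """Compare content-derived and extension-derived MIME types.

    Only a mismatch where the content is executable is reported, which is the
    DeFD condition: a PE honestly named .exe is not 'disguised' (policy may
    still block it), and a mismatch between two benign types is ignored."""
    sniffed = sniff_mime(data)
    ext = os.path.splitext(filename)[1].lower()  # "invoice.pdf.exe" -> ".exe"
    declared = EXTENSION_MIMES.get(ext)
    disguised = sniffed in EXECUTABLE_MIMES and declared != sniffed
    return {"file": filename, "declared": declared, "sniffed": sniffed,
            "disguised": disguised}

def scan(transfers: List[Tuple[str, bytes]]) -> List[Dict[str, object]]:
    """Run the check over (filename, leading bytes) pairs from a file-transfer log."""
    return [check_file(name, data) for name, data in transfers]

# Constructed sample transfers (first bytes only), not real malware.
SAMPLE_TRANSFERS: List[Tuple[str, bytes]] = [
    ("Invoice_2018.pdf", b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"),  # PE named .pdf
    ("photo.jpg", b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8),                      # ELF named .jpg
    ("Invoice_2018.pdf.exe", b"MZ\x90\x00\x03\x00"),  # double extension, but the real extension is .exe
    ("report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
    ("setup.exe", b"MZ\x90\x00\x03\x00"),
    ("notes.txt", b"Meeting notes for Monday\n"),
]

if __name__ == "__main__":
    for verdict in scan(SAMPLE_TRANSFERS):
        print(verdict)
```

Two caveats a deployment needs: the check sees only the outer container, so an executable inside a ZIP or ISO attachment is invisible to it (the PK signature is also shared by .docx and .jar, so a "zip" verdict alone says little), and a PE honestly named .exe, or named with a double extension such as invoice.pdf.exe, passes the MIME comparison and must be caught by attachment policy instead.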

2020 ◽  
pp. 1-24
Author(s):  
Argyrios Alexopoulos ◽  
Nicholas J. Daras

The paper documents, based mainly on published papers [3]-[6] in which a consistent mathematical description of cyberspace and of various types of Cyber-Attacks and protection measures is presented, a holistic mathematical approach to a rigorous description of Advanced Persistent Threat (APT) actors' modus operandi through various scenarios and Cyber Kill Chain stages [2]. After reviewing, following [6], the various elements of Cyber-Attacks, we propose some techniques (via five scenarios) for tracking the modus operandi of the most sophisticated and non-linear cyber actors: Advanced Persistent Threat actors, which are usually nation-state or nation-state backed and usually stay undetected in defenders' networks for an extended time during the later stages of the Cyber Kill Chain. Keywords: valuation of cyber assets, vulnerability of cyber assets, node supervision, sophistication of an attack, germ of a cyber-attack, cyber defense, proactive cyber protection, Advanced Persistent Threat (APT) actors, Indicator of Compromise (IOC), Tactics, Techniques and Procedures (TTPs).


In order to keep an organization focused on its mission and business functions, cyber resiliency has to play a critical role against the adversary's objectives. The strategy recommended by NIST to reduce a system's susceptibility to cyber-attacks has three dimensions: harden the target, limit the damage to the target, and make the target resilient. The threats may be cyber or non-cyber. The objective is to provide cyber resiliency against the Advanced Persistent Threat (APT), which is by nature sophisticated, stealthy, persistent towards its target and highly adaptable to its environment. The challenge is to provide cyber resilience to the system against the adversary's compromising tactics, given the uncertainty of eradicating a threat that is persistent by nature and the need to recognize its ability to adapt. Cyber resiliency also links with other disciplines such as safety, fault tolerance, privacy, resilience and survivability, reliability, and security.


2020 ◽  
Vol 10 (11) ◽  
pp. 3874
Author(s):  
Santiago Quintero-Bonilla ◽  
Angel Martín del Rey

An advanced persistent threat (APT) can be defined as a targeted and very sophisticated cyber attack. IT administrators need tools that allow for the early detection of these attacks. Several approaches based on the attack life cycle have been proposed to address this problem. Recently, machine learning techniques have been incorporated into these approaches to improve detection. This paper proposes a new approach to APT detection that uses machine learning techniques and is based on the life cycle of an APT attack. The proposed model is organised into two passive stages and three active stages in order to adapt the machine-learning-based mitigation techniques to each stage.


Electronics ◽  
2021 ◽  
Vol 10 (6) ◽  
pp. 704
Author(s):  
Katharina Hofer-Schmitz ◽  
Ulrike Kleb ◽  
Branka Stojanović

This paper investigates the influence of different statistical network traffic feature sets on the detection of advanced persistent threats. The selection of suitable features for detecting targeted cyber attacks is crucial for achieving high performance and for addressing limited computational and storage budgets. The evaluation was performed on a semi-synthetic dataset that combines the CICIDS2017 dataset and the Contagio malware dataset. The CICIDS2017 dataset is a benchmark dataset in the intrusion detection field, and the Contagio malware dataset contains real advanced persistent threat (APT) attack traces. Several different combinations of the datasets were used to increase the variety of the background data and improve the quality of the results. For feature extraction, the CICFlowMeter tool was used. For the selection of suitable features, a correlation analysis including an in-depth feature investigation by boxplots is provided. Based on that, several suitable features were grouped into different feature sets. The influence of these feature sets on detection capability was investigated in detail with the local outlier factor method. The focus was especially on which attacks were detected with each feature set and on how the background data affected detection with the local outlier factor method. Based on the results, we could determine a superior feature set, which detected most of the malicious flows.
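The feature-set comparison the abstract describes, as an added example that is not the authors' code: the same flows are scored with the local outlier factor under two different feature sets, and the long, low-rate beacon flow looks ordinary when only packet counts are used but becomes the clear outlier once duration and byte rate are included. The flow records, their column names (modelled on CICFlowMeter output) and the two feature sets are constructed for this example; the LOF implementation follows the standard definition rather than any library.

```python
"""Added example (not the paper's code): score the same set of network flows
with the local outlier factor (LOF) under two feature sets, to show how the
chosen features decide whether an APT-style flow stands out. Flow records are
constructed in the style of CICFlowMeter output; they are not real traffic."""
import math
from typing import Dict, List, Sequence

# Nine short web-like flows and one long, low-rate beacon (constructed values).
FLOWS: List[Dict[str, object]] = [
    {"id": "f1", "flow_duration": 0.8, "tot_fwd_pkts": 7,  "tot_bwd_pkts": 9,  "flow_bytes_s": 52000},
    {"id": "f2", "flow_duration": 1.2, "tot_fwd_pkts": 9,  "tot_bwd_pkts": 12, "flow_bytes_s": 48000},
    {"id": "f3", "flow_duration": 0.6, "tot_fwd_pkts": 6,  "tot_bwd_pkts": 8,  "flow_bytes_s": 61000},
    {"id": "f4", "flow_duration": 1.5, "tot_fwd_pkts": 11, "tot_bwd_pkts": 15, "flow_bytes_s": 45000},
    {"id": "f5", "flow_duration": 0.9, "tot_fwd_pkts": 8,  "tot_bwd_pkts": 10, "flow_bytes_s": 55000},
    {"id": "f6", "flow_duration": 1.1, "tot_fwd_pkts": 10, "tot_bwd_pkts": 13, "flow_bytes_s": 50000},
    {"id": "f7", "flow_duration": 0.7, "tot_fwd_pkts": 6,  "tot_bwd_pkts": 9,  "flow_bytes_s": 58000},
    {"id": "f8", "flow_duration": 1.3, "tot_fwd_pkts": 12, "tot_bwd_pkts": 16, "flow_bytes_s": 47000},
    {"id": "f9", "flow_duration": 1.0, "tot_fwd_pkts": 9,  "tot_bwd_pkts": 11, "flow_bytes_s": 53000},
    {"id": "beacon", "flow_duration": 300.0, "tot_fwd_pkts": 10, "tot_bwd_pkts": 10, "flow_bytes_s": 200},
]

# Two candidate feature sets (names are assumptions modelled on CICFlowMeter columns).
FEATURE_SETS: Dict[str, List[str]] = {
    "packet_counts":   ["tot_fwd_pkts", "tot_bwd_pkts"],
    "timing_and_rate": ["flow_duration", "flow_bytes_s"],
}

def project(flows, features) -> List[List[float]]:
    """Select the features and min-max scale each one to [0, 1] so that no
    single large-valued column dominates the Euclidean distance."""
    cols = [[float(f[name]) for f in flows] for name in features]
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [[(c[i] - lo[j]) / (hi[j] - lo[j]) if hi[j] > lo[j] else 0.0
             for j, c in enumerate(cols)] for i in range(len(flows))]

def lof_scores(points: Sequence[Sequence[float]], k: int = 3) -> List[float]:
    """Local outlier factor of every point (Breunig et al.): about 1 inside a
    cluster, well above 1 for a point whose neighbours are much denser."""
    n = len(points)
    dist = [[math.dist(p, q) for q in points] for p in points]
    kdist, neigh = [], []
    for i in range(n):
        ordered = sorted(dist[i][j] for j in range(n) if j != i)
        kd = ordered[k - 1]                                   # k-distance
        kdist.append(kd)
        neigh.append([j for j in range(n) if j != i and dist[i][j] <= kd])
    lrd = []                                                  # local reachability density
    for i in range(n):
        reach = sum(max(kdist[j], dist[i][j]) for j in neigh[i])
        lrd.append(len(neigh[i]) / reach if reach > 0 else float("inf"))
    return [sum(lrd[j] for j in neigh[i]) / (len(neigh[i]) * lrd[i]) for i in range(n)]

def score_feature_set(flows, features, k: int = 3) -> Dict[str, float]:
    """LOF score per flow id under one feature set."""
    return dict(zip((f["id"] for f in flows), lof_scores(project(flows, features), k)))

if __name__ == "__main__":
    for name, feats in FEATURE_SETS.items():
        scores = score_feature_set(FLOWS, feats)
        print(name, {fid: round(s, 2) for fid, s in scores.items()})
```

The beacon scores close to 1 under packet_counts, because ten packets each way is exactly what the short web flows look like, and far above the benign flows under timing_and_rate. The scaling step matters as much as the feature choice: without it, flow_bytes_s alone would dominate every distance and duration would contribute nothing.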


2021 ◽  
pp. 25-31
Author(s):  
Argyrios (Argi) Alexopoulos

The paper documents, based mainly on published papers in which a consistent mathematical description of cyberspace and of various types of Cyber-Attacks and protection measures is presented, a mathematical approach to Cyber Threat Hunting using Domain Name System (DNS) observations. After reviewing the various Advanced Persistent Threat (APT) hunting techniques, we propose a high-level, mainly entropy-based technique for detecting the presence of various threat vectors in our networks, demystifying DNS anomalies. Keywords: Domain Name System (DNS), Advanced Persistent Threat (APT) actors, Entropy, Anomaly Detection.
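An entropy-based DNS hunting pass of the kind this abstract refers to, as an added example that is not the paper's method: each query name's labels are scored by Shannon entropy (algorithmically generated and tunnelling labels pack many distinct symbols into one label), and distinct subdomains are counted per parent domain as a second tunnelling indicator. The log format, the thresholds and the "last two labels" parent-domain rule are assumptions, and the query log is constructed.

```python
"""Added example (not the paper's method): an entropy-based DNS hunting pass
over constructed query-log lines. It scores each query name's labels by
Shannon entropy (DGA- and tunnelling-style names pack many distinct symbols
into one label) and counts distinct subdomains per parent domain (a
tunnelling indicator). Thresholds and the log format are assumptions."""
import math
from collections import Counter, defaultdict
from typing import Dict

ENTROPY_THRESHOLD = 3.5   # bits per character; assumed, tune against a baseline
MIN_LABEL_LENGTH = 12     # short labels cannot reach high entropy anyway

def shannon_entropy(text: str) -> float:
    """Shannon entropy in bits per character of a string."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def parent_domain(qname: str) -> str:
    """Assumed rule: the last two labels. Real deployments should use the
    public suffix list so that e.g. example.co.uk is handled correctly."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def score_qname(qname: str) -> Dict[str, object]:
    """Entropy of the most random non-parent label, plus a suspicion flag."""
    labels = qname.rstrip(".").lower().split(".")[:-2]   # drop the parent domain
    best_label, best_entropy = "", 0.0
    for label in labels:
        e = shannon_entropy(label)
        if e > best_entropy:
            best_label, best_entropy = label, e
    suspicious = best_entropy >= ENTROPY_THRESHOLD and len(best_label) >= MIN_LABEL_LENGTH
    return {"qname": qname, "label": best_label,
            "entropy": round(best_entropy, 3), "suspicious": suspicious}

def analyze_queries(log_text: str) -> Dict[str, object]:
    """Parse 'time src qname qtype' lines and apply both heuristics."""
    queries, subdomains = [], defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        _ts, _src, qname, _qtype = parts[:4]
        queries.append(score_qname(qname))
        parent = parent_domain(qname)
        subdomains[parent].add(qname.rstrip(".").lower()[: -len(parent) - 1] or "@")
    distinct = {parent: len(names) for parent, names in subdomains.items()}
    return {"queries": queries, "distinct_subdomains": distinct}

# Constructed query log; the high-entropy names are invented, not real observations.
QUERY_LOG = """\
10:00:01 10.0.0.5 www.google.com A
10:00:02 10.0.0.5 mail.example.org A
10:00:03 10.0.0.7 x3kq9vz7lmp2wq8tjb4.example.net A
10:00:04 10.0.0.7 7a6b5c4d3e2f1a0b9c8d7e6f.tun.evil.net TXT
10:00:05 10.0.0.7 9f8e7d6c5b4a3f2e1d0c9b8a.tun.evil.net TXT
10:00:06 10.0.0.7 0a1b2c3d4e5f6a7b8c9d0e1f.tun.evil.net TXT
10:00:07 10.0.0.5 cdn.example.org A
"""

if __name__ == "__main__":
    result = analyze_queries(QUERY_LOG)
    for q in result["queries"]:
        print(q)
    print(result["distinct_subdomains"])
```

Per-label entropy alone produces false positives on legitimate long random-looking hostnames (CDN and cloud storage names, certificate-validation records), so in practice the threshold is set against a baseline of the organization's own resolver logs and the score is combined with the per-domain subdomain count, query rate and record type (the TXT and NULL queries typical of tunnelling) before anything is raised to an analyst.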


Author(s):  
Preetha S ◽  
P. Lalasa ◽  
Pradeepa R

In a world of evolving technologies, we are driven by online transactions, AI technologies and automated processes. With the increased use of technology in our lives, cybercrime has grown. New attacks, tools and techniques allow attackers to access more complex and well-managed systems, cause damage and even remain untraceable. Cybercrime statistics show that as of January 2021, Google had registered around 2 million phishing websites. In 2019 around 93.6% of observed malware was polymorphic, meaning that it changes its code continuously to evade detection. According to the FBI's Internet Crime Complaint Center 2020 report, reported crime doubled compared to 2019. International Data Corporation predicts that global spending on cybersecurity solutions will reach $133.7 billion by 2022 as cyber threats continue to increase. Governments around the world have responded to growing cyber-attacks by directing organizations to implement efficient cybersecurity practices. Cybersecurity protects computer systems and networks from damage to hardware and software, information disclosure, theft, and the interference with or misdirection of the services they provide. In order to develop the necessary measures against cybercrime, we need to understand its different kinds. Our paper gives an overview of various types of cybercrime, such as malware, phishing, zero-day exploits and the Advanced Persistent Threat (APT). The study also surveys existing preventive solutions and proposed methods for detecting attacks. A strong understanding of such attacks helps us to be cautious and to develop effective solutions.


2021 ◽  
Vol 7 ◽  
pp. e346
Author(s):  
Ferhat Ozgur Catak ◽  
Javed Ahmed ◽  
Kevser Sahinbas ◽  
Zahid Hussain Khand

Due to advances in malware capabilities, cyber-attacks have been broadly observed in the digital world. Cyber-attacks can hit an organization hard by causing damage such as data breaches, financial loss and reputational loss. Some of the most prominent ransomware attacks in history are WannaCry and Petya, which hurt companies' finances throughout the globe. Both WannaCry and Petya rendered operational processes inoperable by targeting critical infrastructure. It is nearly impossible for anti-virus applications using traditional signature-based methods to detect this type of malware, because it has different characteristics on each infected computer. The most important feature of this type of malware is that it changes its contents using a mutation engine, producing a different hash of the executable file as it propagates from one computer to another. To counter this camouflage, we create three-channel image files from the malicious software. Attackers produce different variants of the same software by modifying the malware's contents; to address this, we create variants of the images by applying data augmentation methods. This article proposes image-augmentation-enhanced deep convolutional neural network (CNN) models for detecting malware families in a metamorphic malware environment. The main contributions of the article consist of three components: image generation from malware samples, image augmentation, and classification of the malware families using a CNN model. In the first component, the collected malware samples are converted from binary files into 3-channel images using a windowing technique. The second component creates the augmented versions of the images, and the last part builds the classification model. This study uses five different deep CNN models for malware family detection. The results obtained by the classifier demonstrate accuracy of up to 98%, which is quite satisfactory.
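The binary-to-image step and the point behind it (a few mutated bytes change the hash completely but barely change the image), as an added example that is not the article's pipeline: the abstract does not specify its windowing rule, so the one used here (three consecutive bytes per pixel, rows of a fixed width, zero padding of the last row) is an assumption, as is the horizontal flip chosen to stand in for the augmentation step. The "sample" and its "variant" are constructed byte strings, not malware.

```python
"""Added example (not the article's pipeline): turn a byte string into a
3-channel image by a fixed-width windowing rule, then compare two constructed
'variants' that differ in a few bytes. The article does not specify its
windowing rule; the one here (three consecutive bytes per pixel, rows of
`width` pixels, zero padding) is an assumption for this example."""
import hashlib
from typing import Dict, List, Tuple

Pixel = Tuple[int, int, int]

def bytes_to_rgb_image(data: bytes, width: int) -> List[List[Pixel]]:
    """Rows of `width` RGB pixels; each pixel is three consecutive bytes."""
    stride = width * 3
    padded = data + b"\x00" * (-len(data) % stride)   # zero-pad the last row
    return [[tuple(padded[i:i + 3]) for i in range(r, r + stride, 3)]
            for r in range(0, len(padded), stride)]

def sha256_hex(data: bytes) -> str:
    """Signature-style identity of a sample: any byte change alters it."""
    return hashlib.sha256(data).hexdigest()

def pixel_difference_ratio(a: List[List[Pixel]], b: List[List[Pixel]]) -> float:
    """Fraction of pixel positions that differ between two equal-sized images."""
    total = sum(len(row) for row in a)
    changed = sum(1 for ra, rb in zip(a, b) for pa, pb in zip(ra, rb) if pa != pb)
    return changed / total

def horizontal_flip(img: List[List[Pixel]]) -> List[List[Pixel]]:
    """One augmentation of the kind the article applies (assumed choice)."""
    return [row[::-1] for row in img]

def compare_variants(original: bytes, variant: bytes, width: int) -> Dict[str, object]:
    """Hash equality versus image similarity for two samples of one family."""
    img_a = bytes_to_rgb_image(original, width)
    img_b = bytes_to_rgb_image(variant, width)
    return {
        "same_hash": sha256_hex(original) == sha256_hex(variant),
        "shape": (len(img_a), len(img_a[0])),
        "pixel_diff_ratio": pixel_difference_ratio(img_a, img_b),
    }

# Constructed stand-ins for a sample and a mutated copy (no real malware bytes):
# the "mutation" overwrites four bytes, as a mutation engine inserting filler might.
ORIGINAL = bytes(range(256)) * 3
_mutated = bytearray(ORIGINAL)
_mutated[100:104] = b"\x90\x90\x90\x90"
VARIANT = bytes(_mutated)

if __name__ == "__main__":
    print(compare_variants(ORIGINAL, VARIANT, width=16))
```

With a 16-pixel width the two constructed samples hash differently yet differ in only 2 of 256 pixels, which is the property a CNN trained on such images can exploit and a hash lookup cannot. A fixed-width layout means that an insertion (rather than an overwrite) shifts every later pixel by a third of a byte per inserted byte, so real pipelines usually pick the width from the file size or use an augmentation step, as the article does, to make the classifier tolerant of such shifts.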

