scholarly journals Defending against the advanced persistent threat: Detection of disguised executable files

2018 ◽  
Author(s):  
Ibrahim Ghafir ◽  
Mohammad Hammoudeh ◽  
Vaclav Prenosil
Keyword(s):  
Life Cycle ◽  
Cyber Attacks ◽  
Threat Detection ◽  
Advanced Persistent Threat ◽  
Point Of Entry ◽  
Executable File ◽  
Common Technique ◽  
Mime Type

Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over the connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.

scholarly journals Defending against the advanced persistent threat: Detection of disguised executable files

2018 ◽  
Author(s):  
Ibrahim Ghafir ◽  
Mohammad Hammoudeh ◽  
Vaclav Prenosil
Keyword(s):  
Life Cycle ◽  
Cyber Attacks ◽  
Threat Detection ◽  
Advanced Persistent Threat ◽  
Point Of Entry ◽  
Executable File ◽  
Common Technique ◽  
Mime Type

Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over the connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.

scholarly journals Disguised executable files in spear-phishing emails: Detecting the point of entry in advanced persistent threat

2017 ◽  
Author(s):  
Ibrahim Ghafir ◽  
Mohammad Hammoudeh ◽  
Vaclav Prenosil
Keyword(s):  
Life Cycle ◽  
Cyber Attacks ◽  
Advanced Persistent Threat ◽  
Point Of Entry ◽  
Executable File ◽  
Common Technique ◽  
Mime Type

Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over the connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.

scholarly journals Mathematical Study of Advanced Persistent Threat (APT) Hunting Techniques

2020 ◽  
pp. 1-24
Author(s):  
Argyrios Alexopoulos ◽  
Nicholas J. Daras
Keyword(s):  
Cyber Attacks ◽  
Nation State ◽  
Cyber Attack ◽  
Mathematical Study ◽  
Cyber Defense ◽  
Modus Operandi ◽  
Protection Measures ◽  
Advanced Persistent Threat ◽  
Rigorous Description ◽  
Cyber Kill Chain

The paper documents, based mainly on [3]-[6] published papers where a consistent mathematical description of cyberspace and various types of Cyber-Attacks and protection measures are presented, a holistic mathematical approach to a rigorous description of Advanced Persistent Threat (APT) actors’ modus operandi through various scenarios and Cyber Kill Chain stages [2]. After referring [6] to the various elements of Cyber-Attacks we propose some techniques (via 5 scenarios) of tracking the modus operandi of the most sophisticated and non-linear cyber actors, the Advanced Persistent Threat actors that are usually nation-state or nation-state backed and usually stay undetected for an extended time in later stages of Cyber Kill Chain in defenders’ networks. Keywords: Valuation of cyber assets, vulnerability of cyber assets, node supervision, sophistication of an attack germ of cyber-attack, cyber defense, proactive cyber protection, Advanced Persistent Threat (APT) actors, Indication of Compromise (IOC), Tactics, Techniques and Procedures (TTPs).

Advanced Persistent Threat Detection: A Survey

2021 ◽  
Author(s):  
Adam Khalid ◽  
Anazida Zainal ◽  
Mohd Aizaini Maarof ◽  
Fuad A. Ghaleb
Keyword(s):  
Threat Detection ◽  
Advanced Persistent Threat

scholarly journals A Threat-Hunting of UNSW-NB15 with Machine Learning Techniques to Achieve Resilience

2019 ◽  
Vol 9 (1S3) ◽  
pp. 488-494
Keyword(s):  
Machine Learning ◽  
Fault Tolerance ◽  
Critical Role ◽  
Cyber Attacks ◽  
Three Dimensions ◽  
Machine Learning Techniques ◽  
Advanced Persistent Threat ◽  
Learning Techniques

In order to focus on the mission and functions of the business of the organizations, cyber resiliency have to play a critical role against the adversaries’ target. The strategy recommended by NIST to reduce the suspect ability of cyber-attacks of the system with the three dimensions such as harden the target, limit the damage to the target and make the target resilient. The threats could be based on cyber and noncyber. The objective is to provide cyber resiliency on the Advanced Persistent Threat (APT), has born with the nature of sophisticated, stealthy, persistent towards target and highly adoptable to the environment. The challenge is to provide cyber resilience to the system from compromising tactics of the adversaries, uncertain in eradication of threat due to its persistent nature, recognizing its adapting ability. The cyber resiliency also links with other disciplines like safety, fault tolerance, privacy, resilience and survivability, reliability and security

scholarly journals Advanced Persistent Threat Detection and Defence (APT)

2021 ◽  
Author(s):  
Hassan Adeyoola
Keyword(s):  
Threat Detection ◽  
Advanced Persistent Threat ◽  
Advanced Persistent Threats ◽  
Sophisticated Version ◽  
The Web ◽  
Cyber Criminals

as the growth and popularity of technology has become simultaneous ascend in both impacts and numbers of cyber criminals thanks to the web. For many years, the organization has strived in ways of preventing any attacks from cyber-criminal with advanced techniques. Cybercriminals and intruders are developing a more advanced way to breach the security surface of an organization. Advanced Persistent Threats are also known as APT are new and a lot more sophisticated version for multistep attack scenarios that are known and are targeted just to achieve a goal most commonly undercover activities. this report, there will cover everything I know that tells us about APT with more word and brief explanations

Evolving Advanced Persistent Threat Detection using Provenance Graph and Metric Learning

2020 ◽  
Author(s):  
Gbadebo Ayoade ◽  
Khandakar Ashrafi Akbar ◽  
Pracheta Sahoo ◽  
Yang Gao ◽  
Anmol Agarwal ◽  
...  
Keyword(s):  
Metric Learning ◽  
Threat Detection ◽  
Advanced Persistent Threat

scholarly journals Analysis of high volumes of network traffic for Advanced Persistent Threat detection

2016 ◽  
Vol 109 ◽  
pp. 127-141 ◽  
Author(s):  
Mirco Marchetti ◽  
Fabio Pierazzi ◽  
Michele Colajanni ◽  
Alessandro Guido
Keyword(s):  
Network Traffic ◽  
Threat Detection ◽  
Advanced Persistent Threat
Sign in / Sign up

Export Citation Format

Share Document