A Novel Search Engine to Uncover Potential Victims for APT Investigations

Authors: Shun-Te Liu, Yi-Ming Chen, Shiou-Jing Lin

DOI: 10.1007/978-3-642-40820-5_34

Keywords: Computer security, File format, Computer science, Enterprise private network, Malware, Leverage (statistics), Search engine, Control (management)

Abstract: Advanced Persistent Threats (APT) are sophisticated and target-oriented cyber attacks which often leverage customized malware and bot control techniques on the victims for remotely accessing valuable information. Because the samples are specific and few, signature-based or learning-based approaches are weak at detecting them. In this paper, we take a more flexible strategy: developing a search engine that lets investigators quickly uncover potential victims based on the attributes of a known victim. We test our approach on a real case that happened in a large enterprise network consisting of several thousand computers running a commercial antivirus system. As our best effort to prove it, the approach can uncover 33 other unknown computers infected by the malware. Finally, the search engine is implemented on the Hadoop platform. With 440GB of data, it returns query results within 2 seconds.
