NUST Institutional Repository

Pattern Extraction and Behavior Analysis of Self Created HTTP Based Advanced Persistent Threat (APT) for Better Detection


dc.contributor.author Ahmed, Kamal
dc.contributor.author Supervised by Dr. Imran Rashid.
dc.date.accessioned 2022-08-24T05:28:43Z
dc.date.available 2022-08-24T05:28:43Z
dc.date.issued 2022-07
dc.identifier.other MSIS-17
dc.identifier.other TIS-343
dc.identifier.uri http://10.250.8.41:8080/xmlui/handle/123456789/30119
dc.description.abstract With the advent of online social networks and portable devices like smartphones and USB mass storage devices, the threat to the privacy and data security of individuals and nations has increased manifold. Most importantly, the privacy of individual users is at stake, especially when context-sensitive information, such as information about an individual user’s surroundings, location and environment, can be captured and transmitted remotely through cameras and microphones attached to PCs, laptops, and smartphones without the user’s knowledge. The intensity of HTTP-based APTs is going to increase over the coming years. Ignoring the dreadful nature of these APTs would mean a great hidden security risk to an organization. Most HTTP-based viruses communicate over the Internet with an attacker through a C&C server. Analyzing network traffic can be an option for discovering suspicious behavior and detecting infected machines; for example, some viruses are detectable through firewalls, but most of this malware stays undetected due to new techniques. One of the best ways to detect this malware can be pattern- and behavior-based analysis of HTTP and HTTPS packets, which allows the network packets of infected machines to be discriminated from legitimate packets. This shall help in defending against APTs launched by the rival countries. In this work, an HTTP-based APT has been developed in such a sophisticated and complicated manner that very minimal information is extracted using the traditional analysis tools in the behavior analysis phase. This can help in devising new methodologies to better analyze APT malware (released by rival nations) in future. Moreover, such HTTP-based APT malware is an initial step towards Offensive Cyber Operations (OCO). Such an APT can prove to be helpful for national military organizations in launching stealthy attack missions against rivals for a better offensive hold on cyberspace. en_US
dc.language.iso en en_US
dc.publisher MCS en_US
dc.title Pattern Extraction and Behavior Analysis of Self Created HTTP Based Advanced Persistent Threat (APT) for Better Detection en_US
dc.type Thesis en_US

