NUST Institutional Repository

Detection of Advance Persistent Threat (APT)

dc.contributor.author Ahmad, Farhan Habib
dc.contributor.author Supervised by Dr Babar Aslam
dc.date.accessioned 2020-10-26T06:32:06Z
dc.date.available 2020-10-26T06:32:06Z
dc.date.issued 2015-07
dc.identifier.other TIS-190
dc.identifier.other MSIS-10
dc.identifier.uri http://10.250.8.41:8080/xmlui/handle/123456789/4859
dc.description.abstract Warfare reached its peak of lethality in the form of nuclear arsenals. Presently, cyber warfare is emerging as the future brand, and Stuxnet is an example. Cyber weapons are capable of much more damage than existing mutations, while at the same time they do not involve collateral damage or the physical crossing of borders. Consequently, the Advanced Persistent Threat (APT) is emerging as a favorite weapon category. Although APTs have a wide range, the majority of detected attacks are espionage. Modern warfare encompasses all factors related to life. Timely revealing of information about all segments is the key factor for winning the battle. Dependence on the internet and digital media entails data espionage by cyber means. The prime feature of an APT is that it remains undetected for a prolonged period. Therefore, this research proposes alert generation for early detection of an APT's existence, followed by detailed analysis. The research was carried out in three segments. The first phase comprises gathering artifacts for data espionage through static malware analysis. In the second phase, an alert generation algorithm is proposed that uses the Detour library to hook selected APIs. Later, suspicious code is analyzed with our proposed algorithm for detailed analysis. On the basis of the results from the previous step, benign files are separated from malicious ones. The proposed Alert Generation Algorithm is resource efficient: it consumes less memory and CPU resources. Refinement of the artifacts has improved the results of our proposed Analysis algorithm. It has given 99.16 percent of authentication and 99.33 percent of precision, compared with 98.31 percent of authentication and 98.5 percent of precision respectively in previous works. en_US
dc.language.iso en en_US
dc.publisher MCS en_US
dc.title Detection of Advance Persistent Threat (APT) en_US
dc.type Thesis en_US

