A Framework of APT Detection Based on Dynamic Analysis
- DOI
- 10.2991/nceece-15.2016.187
- Keywords
- Advanced persistent threat; dynamic analysis; APT detection.
- Abstract
An advanced persistent threat (APT) is a sophisticated cyber-attack and has attracted a lot of attention in cyberspace. Traditional defense measures based on signature matching are insufficient to detect APTs such as Stuxnet, Operation Aurora, Duqu, Flame, Red October, Miniduke and so on. In this paper, we propose a framework for APT detection that includes a network traffic redirection module, a user agent, a reconstruction module, a dynamic analysis module and a decision module. Compared with current defense systems, the framework could effectively detect APT attacks. We provide a detailed example to illustrate how the framework detects APT attacks, especially passive attacks.
- Copyright
- © 2016, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Yunfei Su
AU - Mengjun Li
AU - ChaoJing Tang
AU - Rongjun Shen
PY - 2015/12
DA - 2015/12
TI - A Framework of APT Detection Based on Dynamic Analysis
BT - Proceedings of the 2015 4th National Conference on Electrical, Electronics and Computer Engineering
PB - Atlantis Press
SP - 1047
EP - 1053
SN - 2352-5401
UR - https://doi.org/10.2991/nceece-15.2016.187
DO - 10.2991/nceece-15.2016.187
ID - Su2015/12
ER -