Hybrid Analysis Technique to detect Advanced Persistent Threats

Advanced persistent threats (APT) are major threats in the field of system and network security. They are extremely stealthy and use advanced evasion techniques like packing and behaviour obfuscation to hide their malicious behaviour and evade the detection methods. Existing behavior-based detection technique fails to detect the APTs due to its high persistence mechanism and sophisticated code nature. Hence, a novel hybrid analysis technique using Behavior based Sandboxing approach is proposed. The proposed technique consists of four phases namely, Static, Dynamic, Memory and System state analysis. Initially, static analysis is performed on the sample which involves packer detection and signature verification. If the sample is found stealthy and remains undetected, then it is executed inside a sandbox environment to analyze its behavior. Further, memory analysis is performed to extract memory artefacts of the current system state. Finally, system state analysis is performed by correlating clean system state and infected system state to determine whether the system is compromised

MoreLess

Year of publication:	2018
Authors:	Chakkaravarthy, S Sibi ; Vaidehi, V ; Rajesh, P
Published in:	International Journal of Intelligent Information Technologies (IJIIT). - IGI Global, ISSN 1548-3665, ZDB-ID 2400990-8. - Vol. 14.2018, 2 (01.04.), p. 59-76
Publisher:	IGI Global
Subject:	Advanced Persistent Threats (APT) \| dynamic analysis \| Malware analysis \| malware sandbox \| memory analysis \| static analysis \| system state analysis,

Online Resource

Check full text access |

More access options

doi.org

Check Google Scholar

In libraries world-wide (WorldCat)

In German libraries (KVK)

subito order

I need help

More details

Type of publication:	Article
Language:	English
Other identifiers:	10.4018/IJIIT.2018040104 [DOI]
Source:	Other ZBW resources

Persistent link: https://www.econbiz.de/10012045521