A novel search engine to uncover potential victims for APT investigations

Shun Te Liu, Yi Ming Chen, Shiou Jing Lin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

18 Citations (Scopus)

Abstract

Advanced Persistent Threats (APT) are sophisticated, target-oriented cyber attacks that often use customized malware and bot-control techniques to control victim machines and remotely access valuable information. Because APT malware samples are specific to each campaign and few in number, signature-based and learning-based approaches detect them poorly. In this paper we take a more flexible strategy: we develop a search engine that lets APT investigators quickly uncover potential victims based on the attributes of a known APT victim. We test the approach on a real APT case that occurred in a large enterprise network of several thousand computers running a commercial antivirus system. To the extent we were able to verify, the search engine uncovered 33 previously unknown victims infected by the APT malware. Finally, the search engine is implemented on the Hadoop platform; with 440 GB of data it answers queries in 2 seconds.
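The abstract describes the core idea (pivot from one confirmed victim's attributes to other hosts sharing them) but not the attribute set or scoring the paper uses. The following is an added illustration of that kind of pivot search, not the paper's code: host records, attribute names and the rarity weighting are all assumptions. It indexes every host's attributes in an inverted index, then scores each candidate by the rarity-weighted fraction of the seed victim's attributes it shares, so that an attribute present on nearly every host (a standard service name) does not flag the whole fleet.

```python
"""Attribute-overlap pivot search from a known APT victim to candidate victims.

Added example, not the paper's implementation. Host inventory, attribute
names and the weighting scheme are constructed for illustration.
"""
import math
from collections import defaultdict

# Constructed inventory: host -> set of observed attributes. In practice these
# would be extracted from antivirus logs, process inventories and proxy logs.
HOSTS = {
    "ws-001": {"sha256:aaa", "dst:203.0.113.5:443", "svc:updsvc", "av:Trojan.Gen"},
    "ws-002": {"sha256:aaa", "dst:203.0.113.5:443", "svc:updsvc"},
    "ws-003": {"sha256:bbb", "dst:198.51.100.9:80"},
    "ws-004": {"sha256:aaa", "dst:203.0.113.5:443", "svc:updsvc", "av:Trojan.Gen"},
    "ws-005": {"svc:updsvc"},
    "ws-006": {"svc:updsvc", "sha256:bbb"},
}


def build_index(hosts):
    """Inverted index: attribute -> set of hosts carrying it."""
    index = defaultdict(set)
    for host, attrs in hosts.items():
        for attr in attrs:
            index[attr].add(host)
    return index


def attribute_weight(index, attr, host_count):
    """IDF-style rarity weight: an attribute seen on every host weighs 0."""
    df = len(index.get(attr, ()))
    if df == 0:
        return 0.0
    return math.log(host_count / df)


def find_candidates(hosts, index, seed, min_score=0.5):
    """Rank hosts sharing attributes with the seed victim.

    Score = (sum of weights of shared attributes) / (sum of weights of the
    seed's attributes), so 1.0 means the candidate carries every seed
    attribute. Returns [(host, score), ...] sorted by score then name.
    """
    seed_attrs = hosts[seed]  # KeyError if the seed is not in the inventory
    n = len(hosts)
    weights = {a: attribute_weight(index, a, n) for a in seed_attrs}
    total = sum(weights.values())
    if total == 0.0:
        return []  # every seed attribute is ubiquitous; nothing to pivot on

    # Only hosts that share at least one seed attribute are candidates, which
    # is what keeps the query cheap on a large inventory.
    candidates = set()
    for attr in seed_attrs:
        candidates |= index.get(attr, set())
    candidates.discard(seed)

    scored = []
    for host in candidates:
        shared = seed_attrs & hosts[host]
        score = sum(weights[a] for a in shared) / total
        if score >= min_score:
            scored.append((host, score))
    scored.sort(key=lambda hs: (-hs[1], hs[0]))
    return scored


if __name__ == "__main__":
    idx = build_index(HOSTS)
    for host, score in find_candidates(HOSTS, idx, "ws-001"):
        print(f"{host}\t{score:.3f}")
```

Lowering `min_score` widens the net at the cost of more triage; the threshold is the knob an investigator tunes between missing victims and drowning in hosts that merely run the same common service.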

Original language: English
Title of host publication: Network and Parallel Computing - 10th IFIP International Conference, NPC 2013, Proceedings
Pages: 405-416
Number of pages: 12
DOIs
Publication status: Published - 2013
Event: 10th IFIP International Conference on Network and Parallel Computing, NPC 2013 - Guiyang, China
Duration: 19 Sep 2013 to 21 Sep 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8147 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 10th IFIP International Conference on Network and Parallel Computing, NPC 2013
Country/Territory: China
City: Guiyang
Period: 19/09/13 to 21/09/13
