N-victims: An approach to determine N-victims for APT investigations

Shun Te Liu, Yi Ming Chen, Hui Ching Hung

研究成果: 書貢獻/報告類型會議論文篇章同行評審

8 引文 斯高帕斯(Scopus)


The advanced Persistent Threat (APT) is a sophisticated and target-oriented cyber attack for accessing valuable information. The attacker leverages the customized malware as the stepping stone to intrude into the enterprise network. For enterprises and forensic analysts, finding the victims and investigating them to evaluate the damages are critical, but the investigation is often limited by resources and time. In this paper, we propose an N-Victims approach that starts from a known malware-infected computer to determine the top N most likely victims. We test our approach in a real APT case that happened in a large enterprise network consisting of several thousand computers, which run a commercial antivirus system. N-Victims can find more malware-infected computers than N-Gram based approaches. In the top 20 detected computers, N-Victims also had a higher detection rate and a lower false positive rate than N-Gram based approaches.

主出版物標題Information Security Applications - 13th International Workshop, WISA 2012, Revised Selected Papers
編輯Dong Hoon Lee, Moti Yung
發行者Springer Verlag
出版狀態已出版 - 2012
事件13th International Workshop on Information Security Applications, WISA 2012 - Jeju Island, Korea, Republic of
持續時間: 16 8月 201218 8月 2012


名字Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
7690 LNCS


???event.eventtypes.event.conference???13th International Workshop on Information Security Applications, WISA 2012
國家/地區Korea, Republic of
城市Jeju Island


深入研究「N-victims: An approach to determine N-victims for APT investigations」主題。共同形成了獨特的指紋。