Hybrid Analysis Technique to detect Advanced Persistent Threats
S Sibi Chakkaravarthy,
V Vaidehi and
P Rajesh
Additional contact information
S Sibi Chakkaravarthy: Madras Institute of Technology, Anna University, India
V Vaidehi: VIT Chennai, India
P Rajesh: Madras Institute of Technology, Anna University, India
International Journal of Intelligent Information Technologies (IJIIT), 2018, vol. 14, issue 2, 59-76
Abstract:
Advanced persistent threats (APTs) are major threats in the field of system and network security. They are extremely stealthy and use advanced evasion techniques such as packing and behaviour obfuscation to hide their malicious behaviour and evade detection methods. Existing behaviour-based detection techniques fail to detect APTs because of their persistence mechanisms and sophisticated code. Hence, a novel hybrid analysis technique using a behaviour-based sandboxing approach is proposed. The proposed technique consists of four phases, namely static, dynamic, memory and system state analysis. Initially, static analysis is performed on the sample, which involves packer detection and signature verification. If the sample is found to be stealthy and remains undetected, it is executed inside a sandbox environment to analyse its behaviour. Further, memory analysis is performed to extract memory artefacts of the current system state. Finally, system state analysis is performed by correlating the clean system state with the infected system state to determine whether the system is compromised.
Date: 2018
Download: https://services.igi-global.com/resolvedoi/resolve ... 018/IJIIT.2018040104 (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:igg:jiit00:v:14:y:2018:i:2:p:59-76
International Journal of Intelligent Information Technologies (IJIIT) is currently edited by Vijayan Sugumaran