Advanced Persistent Threat and Spear Phishing Emails

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Informatics. Official publication website can be found on muni.cz.

Authors

GHAFIR Ibrahim, PŘENOSIL Václav

Year of publication 2015
Type Article in Proceedings
Conference Proceedings of International Conference Distance Learning, Simulation and Communication
MU Faculty or unit

Faculty of Informatics

Citation
Web http://dlsc.unob.cz/data/Proceedings%20of%20the%20DLSC%202015%20conference.pdf
Field Informatics
Keywords Cyber security; advanced persistent threat; targeted attack; spear phishing email; malware; malicious domain; malicious file hash
Description In recent years, cyber exploitation and malicious activity have become increasingly sophisticated, targeted, and serious. Advanced persistent threats, or APTs, are a new and more sophisticated version of known multistep attack scenarios. They are targeted specifically to achieve a specific goal, most often espionage. These APTs pose a problem for current detection methods because these methods depend on known signatures of attacks, and APTs make heavy use of unknown security holes for attacks. In this paper we propose two blacklist-based detection methods for detecting a spear phishing email, which is the most common technique used in APT attacks. The first method is a malicious domain detection method, and the second is a malicious file hash detection method. The blacklists are automatically updated each day, and the detection is performed in real time.