
You searched for subject:(APT Attack). Showing records 1 – 3 of 3 total matches.



NSYSU

1. Liu, Ming-Che. APT Attack Detection Based on DNS Time Frequency Analysis.

Degree: Master, Computer Science and Engineering, 2013, NSYSU

Recently, malware infection has become one of the most serious threats against information security. Analysis and detection against malware are regarded as an important issue by the researchers, government units, and enterprises. In recent years, the APT (Advanced Persistent Threats) attack is seen as a notorious attack made by hackers and quite many well-known enterprises or organizations have become the victims. APT adopts a target attack model that focuses on some specific target in organization. Hackers design exclusive malware to invade specific targets through the e-mails with the function of embedded software exploits. Once any weakness exists in the specific application, the exploit will be triggered and further automatically install delicately customized malware. Due to the fact that the malware is primarily programmed for a specific victim, any anti-virus software is not capable of detecting the malware with corresponding signatures. When a compromised host was infected by malware, the hacker can utilize the infected individual to conduct some malicious activities, in which the primary intention is to steal the confidential information in some (key) user's computer. Before the compromised hosts receive any commands, they must obtain the IP address of the C&C server (Control and Command server), and therefore there are a lot of behaviors and information of APT malware behind DNS traffic. Considering this situation, we attempt to utilize some time features of the malware to analyze whether the hosts were infected by malware or backdoor programs. The method we design can not only detect the APT malware, but also recognize its variation efficiently.
Advisors/Committee Members: Chia-Mai Chen (chair), Chu-Sing Yang (chair), Han-wei Hsiao (chair), Chun-I Fan (committee member).

Subjects/Keywords: Malware; Traffic Analysis; APT Attack


APA (6th Edition):

Liu, M. (2013). APT Attack Detection Based on DNS Time Frequency Analysis. (Thesis). NSYSU. Retrieved from http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0723113-211137

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16th Edition):

Liu, Ming-Che. “APT Attack Detection Based on DNS Time Frequency Analysis.” 2013. Thesis, NSYSU. Accessed September 19, 2019. http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0723113-211137.


MLA Handbook (7th Edition):

Liu, Ming-Che. “APT Attack Detection Based on DNS Time Frequency Analysis.” 2013. Web. 19 Sep 2019.

Vancouver:

Liu M. APT Attack Detection Based on DNS Time Frequency Analysis. [Internet] [Thesis]. NSYSU; 2013. [cited 2019 Sep 19]. Available from: http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0723113-211137.


Council of Science Editors:

Liu M. APT Attack Detection Based on DNS Time Frequency Analysis. [Thesis]. NSYSU; 2013. Available from: http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0723113-211137



NSYSU

2. Chang, Tzu-Ching. Detecting Malware with DLL Injection And PE Infection.

Degree: Master, Information Management, 2016, NSYSU

Advanced Persistent Attack Threat is one of the notorious threats in enterprises and organizations. An APT attack is a highly organized, well-funded attack against a specific target. Cyber criminals use many ways to invade systems to get sensitive information. It's applied to sophisticated state-level attacks which infiltrate specific networks to steal sensitive information, assets or cause system damage. DLL injection and PE infection are common ways to hide their presence. An APT attack stays there undetected for a long period of time. The average is a year and a half; however, in some cases it can be more than 3 years. Most anti-virus vendors use signature-based detection to get a high detection rate, but on the other hand this technique has no protection against zero-day or unseen malware before they update their database. Hackers can slightly change their malicious code to create unique malware in order to escape detection. In this paper, our target is to find potential DLL injection processes, files and PE infection applications by using dynamic and static analysis. We propose 3 ways to detect the malicious file, PE infection applications and DLL injection's process. The malware detection method is based on extracting sensitive API (Application Programming Interface) calls from malware to detect unseen malware. For potential DLL injection processes, we scan each thread context and its corresponding stack frames for a possible instruction pointer address that does not belong to an executable section in the target process. API distance and a duplicated RVA (relative virtual address) import table are used to detect PE infection. This method only detects infection host files to distinguish malware from benign. Unlike signature-based detection, sensitive API malware prediction and potential PE infection inspection can detect unseen malware. Protecting sensitive data is the end goal of almost all IT security measures.
Advisors/Committee Members: Gu-Hsin Lai (chair), Chia-Mai Chen (committee member), Chih-Hung Wang (chair), Hui-Tang Lin (chair).

Subjects/Keywords: Malware; PE File; PE Infection; APT Attack; DLL Injection


APA (6th Edition):

Chang, T. (2016). Detecting Malware with DLL Injection And PE Infection. (Thesis). NSYSU. Retrieved from http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0723116-202543


Chicago Manual of Style (16th Edition):

Chang, Tzu-Ching. “Detecting Malware with DLL Injection And PE Infection.” 2016. Thesis, NSYSU. Accessed September 19, 2019. http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0723116-202543.


MLA Handbook (7th Edition):

Chang, Tzu-Ching. “Detecting Malware with DLL Injection And PE Infection.” 2016. Web. 19 Sep 2019.

Vancouver:

Chang T. Detecting Malware with DLL Injection And PE Infection. [Internet] [Thesis]. NSYSU; 2016. [cited 2019 Sep 19]. Available from: http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0723116-202543.


Council of Science Editors:

Chang T. Detecting Malware with DLL Injection And PE Infection. [Thesis]. NSYSU; 2016. Available from: http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0723116-202543



Brno University of Technology

3. Hujňák, Ondřej. Systém pro rozpoznávání APT útoků (System for Recognition of APT Attacks).

Degree: 2016, Brno University of Technology

The thesis investigates APT attacks, which are professional targeted attacks that are characterised by long-term duration and use of advanced techniques. The thesis summarises current knowledge about APT attacks and suggests seven symptoms that can be used to check whether an organization is under an APT attack. The thesis suggests a system for detection of APT attacks based on the interaction of those symptoms. This system is elaborated further for detection of attacks in computer networks, where it uses user behaviour modelling for anomaly detection. The detector uses the k-nearest neighbors (k-NN) method. The APT attack recognition ability in a network environment is verified by implementing and testing this detector.
Advisors/Committee Members: Barabas, Maroš (advisor).

Subjects/Keywords: APT attack; network monitoring; behavioral analysis; NBA; outlier detection; nearest neighbors; k-NN


APA (6th Edition):

Hujňák, O. (2016). Systém pro rozpoznávání APT útoků . (Thesis). Brno University of Technology. Retrieved from http://hdl.handle.net/11012/61977


Chicago Manual of Style (16th Edition):

Hujňák, Ondřej. “Systém pro rozpoznávání APT útoků .” 2016. Thesis, Brno University of Technology. Accessed September 19, 2019. http://hdl.handle.net/11012/61977.


MLA Handbook (7th Edition):

Hujňák, Ondřej. “Systém pro rozpoznávání APT útoků .” 2016. Web. 19 Sep 2019.

Vancouver:

Hujňák O. Systém pro rozpoznávání APT útoků . [Internet] [Thesis]. Brno University of Technology; 2016. [cited 2019 Sep 19]. Available from: http://hdl.handle.net/11012/61977.


Council of Science Editors:

Hujňák O. Systém pro rozpoznávání APT útoků . [Thesis]. Brno University of Technology; 2016. Available from: http://hdl.handle.net/11012/61977
