Unmasking windows advanced persistent threat execution Coulter, R, Zhang, J, Pan, Lei and Xiang, Y 2021, Unmasking windows advanced persistent threat execution, in TrustCom 2020 : Proceedings of the 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, IEEE, Piscataway, N.J., pp. 268-276, doi: 10.1109/TrustCom50675.2020.00046. Attached Files Name Description MIMEType Size Downloads Title Unmasking windows advanced persistent threat execution Author(s) Coulter, R Zhang, J Pan, Lei orcid.org/0000-0002-4691-8330 Xiang, Y Conference name Trust, Security and Privacy in Computing and Communications. Conference (2020 : 19th : Guangzhou, China) Conference location Guangzhou, China Conference dates 29 Dec. 2020 - 01 Jan.2021 Title of proceedings TrustCom 2020 : Proceedings of the 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications Editor(s) Wang, G Ko, R Bhuiyan, MZA Pan, Y Publication date 2021 Start page 268 End page 276 Total pages 9 Publisher IEEE Place of publication Piscataway, N.J. Keyword(s) Advanced persistent threat APT APT Execution Dataset Cyber Security CORE2020 A Summary The advanced persistent threat (APT) landscape has been studied without quantifiable data, for which indicators of compromise (IoC) may be uniformly analyzed, replicated, or used to support security mechanisms. This work culminates extensive academic and industry APT analysis, not as an incremental step in existing approaches to APT detection, but as a new benchmark of APT related opportunity. We collect 15,259 APT IoC hashes, retrieving subsequent sandbox execution logs across 41 different file types. This work forms an initial focus on Windows-based threat detection. We present a novel Windows APT executable (APT-EXE) dataset, made available to the research community. Manual and statistical analysis of the APT-EXE dataset is conducted, along with supporting feature analysis. We draw upon repeat and common APT paths access, file types, and operations within the APT-EXE dataset to generalize APT execution footprints. A baseline case analysis successfully identifies a majority of 117 of 152 live APT samples from campaigns across 2018 and 2019. ISBN 9780738143804 Language eng DOI 10.1109/TrustCom50675.2020.00046 Indigenous content off HERDC Research category E1 Full written paper - refereed Persistent URL http://hdl.handle.net/10536/DRO/DU:30148191 Document type: Conference Paper Collections: Faculty of Science, Engineering and Built Environment School of Information Technology Related Links Link Description Connect to Elements publication management system Go to link with your DU access privileges     Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved. Versions Version Filter Type Fri, 19 Feb 2021, 10:31:01 EST Sat, 20 Feb 2021, 04:02:31 EST Mon, 22 Feb 2021, 07:06:54 EST Tue, 23 Feb 2021, 07:58:46 EST Wed, 24 Feb 2021, 05:04:38 EST Wed, 24 Feb 2021, 13:04:14 EST Wed, 24 Feb 2021, 13:06:50 EST Wed, 24 Feb 2021, 15:02:28 EST Sat, 06 Mar 2021, 01:47:14 EST Filtered Full Citation counts:   Cited 0 times in TR Web of Science Cited 0 times in Scopus Search Google Scholar Access Statistics: 15 Abstract Views, 0 File Downloads  -  Detailed Statistics Created: Tue, 23 Feb 2021, 07:58:46 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.