Unmasking windows advanced persistent threat execution

Coulter, R, Zhang, J, Pan, Lei and Xiang, Y 2021, Unmasking windows advanced persistent threat execution, in TrustCom 2020 : Proceedings of the 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, IEEE, Piscataway, N.J., pp. 268-276, doi: 10.1109/TrustCom50675.2020.00046.

Title Unmasking windows advanced persistent threat execution
Author(s) Coulter, R
Zhang, J
Pan, Lei (ORCID iD: orcid.org/0000-0002-4691-8330)
Xiang, Y
Conference name Trust, Security and Privacy in Computing and Communications. Conference (2020 : 19th : Guangzhou, China)
Conference location Guangzhou, China
Conference dates 29 Dec. 2020 - 01 Jan. 2021
Title of proceedings TrustCom 2020 : Proceedings of the 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Editor(s) Wang, G
Ko, R
Bhuiyan, MZA
Pan, Y
Publication date 2021
Start page 268
End page 276
Total pages 9
Publisher IEEE
Place of publication Piscataway, N.J.
Keyword(s) Advanced persistent threat
APT Execution
Cyber Security
CORE2020 A
Summary The advanced persistent threat (APT) landscape has been studied without quantifiable data from which indicators of compromise (IoC) may be uniformly analyzed, replicated, or used to support security mechanisms. This work culminates extensive academic and industry APT analysis, not as an incremental step in existing approaches to APT detection, but as a new benchmark of APT-related opportunity. We collect 15,259 APT IoC hashes, retrieving subsequent sandbox execution logs across 41 different file types. This work forms an initial focus on Windows-based threat detection. We present a novel Windows APT executable (APT-EXE) dataset, made available to the research community. Manual and statistical analysis of the APT-EXE dataset is conducted, along with supporting feature analysis. We draw upon repeat and common APT path accesses, file types, and operations within the APT-EXE dataset to generalize APT execution footprints. A baseline case analysis successfully identifies a majority of 117 of 152 live APT samples from campaigns across 2018 and 2019.
ISBN 9780738143804
Language eng
DOI 10.1109/TrustCom50675.2020.00046
Indigenous content off
HERDC Research category E1 Full written paper - refereed
Persistent URL http://hdl.handle.net/10536/DRO/DU:30148191

Created: Tue, 23 Feb 2021, 07:58:46 EST