Detection of command and control in advanced persistent threat based on independent access

Wang, X; Zheng, K; Niu, X; Wu, B; Wu, C

Detection of command and control in advanced persistent threat based on independent access

Wang, X

Zheng, K Niu, X Wu, B Wu, C

Permalink

Publisher:: IEEE
Publication Type:: Conference Proceeding
Citation:: 2016 IEEE International Conference on Communications, ICC 2016, 2016, pp. 1-6
Issue Date:: 2016-07-12

Closed Access

	Filename	Description	Size
	2016 Detection of Command and Control in Advanced Persistent Threat based on Independent Access.pdf	Published version	294.01 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Wang, X https://orcid.org/0000-0001-9439-6437
dc.contributor.author	Zheng, K
dc.contributor.author	Niu, X
dc.contributor.author	Wu, B
dc.contributor.author	Wu, C
dc.date	2016-05-22
dc.date.accessioned	2021-01-05T01:05:00Z
dc.date.available	2021-01-05T01:05:00Z
dc.date.issued	2016-07-12
dc.identifier.citation	2016 IEEE International Conference on Communications, ICC 2016, 2016, pp. 1-6
dc.identifier.isbn	9781479966646
dc.identifier.uri	http://hdl.handle.net/10453/145081
dc.description.abstract	© 2016 IEEE. Advanced Persistent Threat (APT) imposes increasing threats on cyber security with the developing network attack technologies. APT is a highly interactive, specifically targeted and extremely harmful network-centric attack, which employs various technologies to evade detection during attacks leading to the result that victims will not be aware of attacks until they suffer from tremendous losses. Since command and control (C&C) is an essential component during the lifetime of APT, the detection of it is a practical measure to defend against the APT. In this paper, we analyze the features of C&C in APT and find that the HTTP-based C&C is widely used. Based on the analysis results, we propose a new feature of C&C, i.e., independent access, to characterize the difference between C&C communications and normal HTTP requests. Applying the independent access feature into DNS records, we implement a novel C&C detection method and validate it on public dataset. As a new feature of C&C, its advantages and drawbacks are also analyzed.
dc.language	en
dc.publisher	IEEE
dc.relation.ispartof	2016 IEEE International Conference on Communications, ICC 2016
dc.relation.ispartof	ICC 2016 - 2016 IEEE International Conference on Communications
dc.relation.isbasedon	10.1109/ICC.2016.7511197
dc.rights	© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.	en_US
dc.rights	info:eu-repo/semantics/closedAccess
dc.title	Detection of command and control in advanced persistent threat based on independent access
dc.type	Conference Proceeding
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
pubs.organisational-group	/University of Technology Sydney
utslib.copyright.status	closed_access	*
dc.date.updated	2021-01-05T01:04:53Z
pubs.finish-date	2016-05-27
pubs.publication-status	Published
pubs.start-date	2016-05-22

Abstract:

© 2016 IEEE. Advanced Persistent Threat (APT) imposes increasing threats on cyber security with the developing network attack technologies. APT is a highly interactive, specifically targeted and extremely harmful network-centric attack, which employs various technologies to evade detection during attacks leading to the result that victims will not be aware of attacks until they suffer from tremendous losses. Since command and control (C&C) is an essential component during the lifetime of APT, the detection of it is a practical measure to defend against the APT. In this paper, we analyze the features of C&C in APT and find that the HTTP-based C&C is widely used. Based on the analysis results, we propose a new feature of C&C, i.e., independent access, to characterize the difference between C&C communications and normal HTTP requests. Applying the independent access feature into DNS records, we implement a novel C&C detection method and validate it on public dataset. As a new feature of C&C, its advantages and drawbacks are also analyzed.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/145081