Title page for etd-0723113-211137



URN etd-0723113-211137
Author Ming-Che Liu
Author's Email Address Not public.
Statistics This thesis has been viewed 5367 times and downloaded 39 times.
Department Computer Science and Engineering
Year 2012
Semester 2
Degree Master
Type of Document
Language English
Title APT Attack Detection Based on DNS Time Frequency Analysis
Date of Defense 2013-07-18
Page Count 84
Keyword
  • Malware
  • Traffic Analysis
  • APT Attack
Abstract Recently, malware infection has become one of the most serious threats to information security. Analysis and detection of malware are regarded as an important issue by researchers, government units, and enterprises. In recent years, the APT (Advanced Persistent Threats) attack has been seen as a notorious attack made by hackers, and quite a few well-known enterprises or organizations have become victims. APT adopts a targeted attack model that focuses on some specific target in an organization. Hackers design exclusive malware to invade specific targets through e-mails with embedded software exploits. Once any weakness exists in the specific application, the exploit will be triggered and will then automatically install delicately customized malware. Because the malware is primarily programmed for a specific victim, anti-virus software is not capable of detecting the malware with corresponding signatures. When a compromised host is infected by malware, the hacker can utilize the infected individual to conduct malicious activities, in which the primary intention is to steal the confidential information on some (key) user's computer. Before the compromised hosts receive any commands, they must obtain the IP address of the C&C server (Control and Command server), and therefore there are a lot of behaviors and information of APT malware behind DNS traffic. Considering this situation, we attempt to utilize some time features of the malware to analyze whether the hosts were infected by malware or backdoor programs. The method we design can not only detect APT malware, but also recognize its variations efficiently.
Advisory Committee
  • Chu-Sing Yang - chair
  • Han-wei Hsiao - co-chair
  • Chia-Mai Chen - co-chair
  • Chun-I Fan - advisor
Files
  • etd-0723113-211137.pdf
  • Indicate in-campus at 5 year and off-campus access at 5 year.
Date of Submission 2013-08-26
