2020
DOI: 10.1145/3386581
|View full text |Cite
|
Sign up to set email alerts
|

Malware Triage for Early Identification of Advanced Persistent Threat Activities

Abstract: In the past decade, a new class of cyber-threats, known as "Advanced Persistent Threat" (APT), has emerged and has been used by different organizations to perform dangerous and effective attacks against financial and politic entities, critical infrastructures, and so on. To identify APT related malware early, a semi-automatic approach for malware samples analysis is needed. Recently, a malware triage step for a semi-automatic malware analysis architecture has been introduced. This step identifies incoming APT … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

1
29
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
6
1

Relationship

0
7

Authors

Journals

citations
Cited by 20 publications
(30 citation statements)
references
References 17 publications
1
29
0
Order By: Relevance
“…This concurs with the rest of the field [50,22,58,77,44]. Seven papers consider three alternative ML methods: clustering, anomaly detection and structured prediction techniques [106,66,80,78,7,8,47]. We explore these further as they show promise towards the open-world problem.…”
Section: Data Modeling Techniquessupporting
confidence: 69%
See 1 more Smart Citation
“…This concurs with the rest of the field [50,22,58,77,44]. Seven papers consider three alternative ML methods: clustering, anomaly detection and structured prediction techniques [106,66,80,78,7,8,47]. We explore these further as they show promise towards the open-world problem.…”
Section: Data Modeling Techniquessupporting
confidence: 69%
“…Our search criteria looked for work which addressed the problem of binary and malware authorship attribution. We omitted any papers which performed a binary classification on malware and contained no significant contribution on authorship styles to malicious files, e.g., we omit the paper [65] as this classifies malware into APT group or non-APT group but we include [66] as this classifies malware into specific APT groups. We identified eighteen papers which possess a significant relationship with MAA, and we contacted all authors whose systems were not publicly available.…”
Section: Malware Binary Authorship Attributionmentioning
confidence: 99%
“…However, the method to judge the priority of API is based on prior knowledge, which may lead to a deviation. Laurenza et al [3] relied on the static characteristics of malware and designed a malware classification framework based on the concept of isolation forest learning. ey trained each isolation forest with specific APT samples using only static features.…”
Section: Related Workmentioning
confidence: 99%
“…Similar to traditional network attacks, APT attackers must use malware as attack weapons to attack in cyberspace [2]. However, unlike traditional network attacks, APT attacks will use some independent development malware to achieve specific purposes against different targets [3]. is malware is collectively called APT malware [4].…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation