Identifying APT Malware Domain Based on Mobile DNS Logging

  • Authors: Weina Niu, Xiaosong Zhang, G. Yang, Jianan Zhu, Ren Zhong-wei
  • Published 2017
  • Computer Science
  • Journal: Mathematical Problems in Engineering
Advanced Persistent Threat (APT) is a serious threat against sensitive information. Current detection approaches are time-consuming because they detect APT attacks through in-depth analysis of massive amounts of data after a breach has already occurred. Specifically, APT attackers make use of DNS to locate their command and control (C&C) servers and victims' machines. In this paper, we propose an efficient approach to detect APT malware C&C domains with high accuracy by analyzing DNS logs. We first extract 15 features…