1. Introduction
An Advanced Persistent Threat (Sood & Enbody, 2012; Durham, 2014) is a continuous hacking process carried out with automated malware delivered over the targeted network or system in order to gain unauthorized access and remain undetected for a prolonged period of time. The goal of an APT is data theft rather than damage to the system or network. This sophisticated attack is a chain process that uses multiple attack vectors and several entry points to bypass existing defenses and remains stealthy for several months. Most such attacks are launched against financial organizations, defense industries, national critical infrastructures, and small and large-scale enterprises. The intrusion kill chain, presented in Table 1, is a widely used model of the attack cycle that APTs follow to launch a successful attack.
Within a few decades, the number of incidents related to cyber espionage has increased significantly. The majority of such campaigns are carried out through advanced malware known as Advanced Persistent Threats (APTs), targeting government sectors, financial sectors, data centers and private enterprises. The risks posed by APTs to government sectors are very high. These APTs are target specific, and the impact of the cyber-attacks they cause is correspondingly high. Advanced Persistent Threats (Veltsos, 2011; Nicho, 2014; Ray, 2014) are highly sophisticated malicious software developed to infect computer systems without being easily detected. APTs are especially known for their covert approach and stealthy (Vasudevan, 2012) mode of attack. They are not easily detected by regular anti-virus scanners (Mukkamala, 2007), Intrusion Detection Systems (Dhanakoti, 2015; Kannan, 2015), firewalls and similar defenses. They keep a low profile and exfiltrate information from the target system slowly, without causing much visible impact. APTs are highly persistent, i.e. they do not stop until the target system is compromised. Modern-day cyber-attacks are far more advanced than traditional attacks; Table 2 shows the differences between traditional malware and APTs. Hence APTs are considered very harmful information stealers and system attackers. Several anti-security mechanisms, such as packing, code obfuscation, behavior obfuscation (Naval, S., 2015) and virtual environment evasion, are used to prevent malware from being detected. Static detection and dynamic detection are the two main malware analysis techniques (Fazlali, 2016; Mead, 2015; Vinod, 2011, 2014; Alazab, 2013, 2015).