Targeted cyber attacks and their mitigation techniques

Abstract

Targeted Cyber Attacks (TCA) and Advanced Persistent Threats (APT) are the main reason for most of the Cyber espionages and sabotages. TCAs and APTs are highly sophisticated, target specific and operate in a stealthy mode till the target is compromised and are difficult to be identified by traditional security systems. The intention of the above-mentioned attacks is to deploy target specific automated malwares in a host or network. Traditional security systems like antivirus, anti-malware system which depend on signatures and static analysis fail to identify such attacks. Hence there is a need for efficient solutions to detect TCAs and APT. In this newlinedissertation, three novel methods have been proposed to detect such attacks. The first method deals with detecting APTs whereas the second method deals with Intrusion Detection Honeypot (IDH) for detecting and mitigating targeted ransomware attacks. Finally, a novel Wireless Intrusion Detection System (WIDS) has been proposed to detect targeted attacks using drones. Advanced Persistent Threats (APT) are major threats in the field of system and network security. Advanced evasion techniques like packing, encryption and behavior obfuscation are employed in APTs to hide their malicious behavior and evade the existing detection techniques. Behaviour obfuscation techniques mainly hide the behaviour of the malware by inserting fake system calls, unrelated API call trees etc. This scrambles the behavior of the malware and makes it impossible for the classifier to trace it and identify whether it is malicious or not. This leads traditional security systems like AVs, sandboxes to fail in detecting APTs. Hence to overcome the above stated problem, a novel hybrid analysis technique using Behavior based Sandboxing (BbS) approach is proposed. newline newline newline