Disguised executable files in spear-phishing emails: Detecting the point of entry in advanced persistent threat

Faculty of Science & Engineering, The Manchester Metropolitan University, Manchester, United Kingdom
Faculty of Informatics, Masaryk University, Brno, Czech Republic
DOI: 10.7287/peerj.preprints.2998v1
Subject Areas: Computer Networks and Communications, Security and Privacy
Keywords: Cyber attacks, advanced persistent threat, spear-phishing emails, malware, disguised executable file, intrusion detection system
Copyright: © 2017 Ghafir et al.
Licence: This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, reproduction and adaptation in any medium and for any purpose provided that it is properly attributed. For attribution, the original author(s), title, publication source (PeerJ Preprints) and either DOI or URL of the article must be cited.
Cite this article: Ghafir I, Hammoudeh M, Prenosil V. 2017. Disguised executable files in spear-phishing emails: Detecting the point of entry in advanced persistent threat. PeerJ Preprints 5:e2998v1

Abstract

Advanced Persistent Threat (APT) is one of the most serious types of cyber attack: a newer and more complex form of multi-step attack. Within the APT life cycle, the most common technique used to gain the point of entry is the spear-phishing email, which may carry disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims to detect disguised executable (exe) files transferred over network connections. The detection is based on a comparison between the MIME type of the transferred file and its file-name extension. The module was experimentally evaluated, and the results show successful detection of disguised executable files.
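The MIME-type versus file-name-extension comparison the abstract describes, as an added illustration that is not the authors' DeFD code: the signature table, extension map, verdict names and sample transfers are all constructed here, and a real deployment would take the content type from libmagic or the proxy rather than this small table.

```python
import os

# Leading-byte signatures -> MIME type (constructed subset; a deployment would use libmagic).
SIGNATURES = [
    (b"MZ", "application/x-dosexec"),           # Windows PE executable (.exe/.dll)
    (b"\x7fELF", "application/x-executable"),   # Linux ELF executable
    (b"%PDF", "application/pdf"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"PK\x03\x04", "application/zip"),         # also the .docx/.xlsx container
]

# MIME type that a file-name extension claims (constructed subset).
EXTENSION_MIME = {
    ".exe": "application/x-dosexec", ".dll": "application/x-dosexec",
    ".pdf": "application/pdf", ".jpg": "image/jpeg", ".jpeg": "image/jpeg",
    ".zip": "application/zip", ".docx": "application/zip",
}
EXECUTABLE_MIMES = {"application/x-dosexec", "application/x-executable"}

def sniff_mime(data: bytes):
    """MIME type implied by the file's leading bytes, or None if no signature matches."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return None

def classify(filename: str, data: bytes) -> str:
    """Compare content MIME type with the extension's claim; returns one of four verdicts."""
    claimed = EXTENSION_MIME.get(os.path.splitext(filename)[1].lower())
    actual = sniff_mime(data)
    if claimed is None or actual is None:
        return "unknown"                 # cannot compare; queue for manual review
    if claimed == actual:
        return "match"
    if actual in EXECUTABLE_MIMES:
        return "disguised_executable"    # executable content behind a benign name
    return "mismatch"                    # inconsistent but not executable content

# Constructed sample transfers: file name seen on the wire -> first bytes of content.
SAMPLES = {
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00",   # PE header named as a PDF
    "photo.jpg": b"\x7fELF\x02\x01\x01\x00",        # ELF named as an image
    "report.pdf": b"%PDF-1.7\n",                    # genuine PDF
    "setup.exe": b"MZ\x90\x00",                     # executable, honestly named
    "notes.txt": b"hello",                          # no signature, extension unmapped
}

def scan(samples=SAMPLES) -> dict:
    """Verdict per file name; the module would alert on 'disguised_executable'."""
    return {name: classify(name, data) for name, data in samples.items()}
```

Extensions are lower-cased before lookup, so `INVOICE.PDF` is judged the same way as `invoice.pdf`; files whose extension or content the tables do not know are reported as `unknown` rather than silently passed.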

Author Comment

This is a preprint submission to PeerJ Preprints.