Defending against the advanced persistent threat: Detection of disguised executable files
- Published
- Accepted
- Subject Areas
- Computer Networks and Communications, Security and Privacy
- Keywords
- Cyber attacks, advanced persistent threat, spear-phishing emails, malware, disguised executable file, intrusion detection system
- Copyright
- © 2018 Ghafir et al.
- Licence
- This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, reproduction and adaptation in any medium and for any purpose provided that it is properly attributed. For attribution, the original author(s), title, publication source (PeerJ Preprints) and either DOI or URL of the article must be cited.
- Cite this article
- 2018. Defending against the advanced persistent threat: Detection of disguised executable files. PeerJ Preprints 6:e2998v2 https://doi.org/10.7287/peerj.preprints.2998v2
Abstract
Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over the connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.
Author Comment
A more informative title has been used and the introduction has been amended to fit the topic.