Abstract
Advanced Persistent Threat (APT) attacks targeting a specific organization are increasing. An APT attack usually uses malware called a Remote Access Trojan (RAT), which can steal confidential information from the target organization. Although many approaches to RAT detection exist, two challenges remain: detecting RATs as early as possible, and distinguishing them from normal applications with high accuracy and a low false negative rate (FNR).
In this paper, we propose a novel method to detect RATs by their process and network behavior on a host in the early stage (i.e., in the preparation period of the RAT). We extract process and network behavior features from this period to distinguish RATs from normal applications. Our evaluation results show that our method can detect RATs in the early stage with an accuracy of 96.5 % together with an FNR of 0 % using the Naive Bayes algorithm.
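The abstract reports two separate figures, accuracy and FNR, for a Naive Bayes classifier over host-side behavior features. The following added example (not the paper's code, and not its feature set) shows how the two metrics are computed from a classifier's confusion matrix and why they can diverge: a self-contained Gaussian Naive Bayes is trained on constructed per-process feature vectors, whose three feature names are assumptions chosen for illustration, and evaluated on a small constructed test set in which one normal application is flagged as a RAT (a false positive), so accuracy drops while the FNR stays at 0.

```python
"""Added example: Gaussian Naive Bayes over constructed host-behavior features,
with accuracy and false negative rate (FNR) computed from the confusion matrix.
Feature definitions and all sample values below are constructed assumptions,
not the paper's data or feature set."""
import math

# Constructed per-process feature vectors: (features, label), label 1 = RAT, 0 = normal.
# Assumed feature meaning (illustrative only):
#   f0: distinct remote hosts contacted in the first minutes of the process
#   f1: ratio of outbound to inbound bytes in that period
#   f2: number of child processes spawned
TRAIN = [
    ((1, 8.0, 2), 1), ((2, 6.5, 3), 1), ((1, 9.0, 2), 1), ((1, 7.0, 4), 1), ((2, 8.5, 3), 1),
    ((12, 0.4, 0), 0), ((8, 0.6, 1), 0), ((15, 0.3, 0), 0), ((10, 0.5, 1), 0), ((9, 0.7, 0), 0),
]
# Constructed test set; the last sample is a normal app with an unusually high
# upload ratio (think of a backup client), which this model will misclassify.
TEST = [
    ((1, 7.5, 3), 1), ((11, 0.5, 0), 0), ((2, 6.0, 2), 1), ((14, 0.4, 1), 0), ((3, 2.5, 1), 0),
]


def fit_gaussian_nb(samples, eps=1e-6):
    """Return {label: (log_prior, means, variances)}. Population variance is
    smoothed by eps so a feature that is constant within a class never yields
    a zero variance (which would make the log-likelihood undefined)."""
    by_class = {}
    for x, y in samples:
        by_class.setdefault(y, []).append(x)
    n = len(samples)
    model = {}
    for y, rows in by_class.items():
        d = len(rows[0])
        means = [sum(r[i] for r in rows) / len(rows) for i in range(d)]
        variances = [sum((r[i] - means[i]) ** 2 for r in rows) / len(rows) + eps
                     for i in range(d)]
        model[y] = (math.log(len(rows) / n), means, variances)
    return model


def _log_gaussian(x, mu, var):
    """Log density of a univariate normal distribution at x."""
    return -0.5 * math.log(2 * math.pi * var) - (x - mu) ** 2 / (2 * var)


def predict(model, x):
    """Pick the class maximising log prior + summed per-feature log-likelihood
    (the 'naive' conditional-independence assumption)."""
    best, best_score = None, -math.inf
    for y, (log_prior, means, variances) in model.items():
        score = log_prior + sum(_log_gaussian(xi, m, v)
                                for xi, m, v in zip(x, means, variances))
        if score > best_score:
            best, best_score = y, score
    return best


def evaluate(model, samples, positive=1):
    """Confusion-matrix counts plus accuracy, FNR and FPR, treating the RAT
    label as the positive class. FNR = FN / (FN + TP): the share of real RATs
    the detector missed, which is the figure a defender cares about most."""
    tp = tn = fp = fn = 0
    for x, y in samples:
        p = predict(model, x)
        if y == positive:
            tp, fn = (tp + 1, fn) if p == positive else (tp, fn + 1)
        else:
            fp, tn = (fp + 1, tn) if p == positive else (fp, tn + 1)
    accuracy = (tp + tn) / len(samples)
    fnr = fn / (fn + tp) if (fn + tp) else 0.0
    fpr = fp / (fp + tn) if (fp + tn) else 0.0
    return {"accuracy": accuracy, "fnr": fnr, "fpr": fpr,
            "tp": tp, "tn": tn, "fp": fp, "fn": fn}


def run_demo():
    """Train on TRAIN, evaluate on TEST; returns the metrics dictionary."""
    return evaluate(fit_gaussian_nb(TRAIN), TEST)


if __name__ == "__main__":
    print(run_demo())
```

On this constructed data every RAT sample is detected (FNR 0.0) while one of the three normal applications is flagged, giving an accuracy of 0.8: the two numbers measure different failure modes, and a detection method is only fairly described when both are reported, as the abstract does.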
Acknowledgments
This study is partly supported by the Okawa Foundation for Information and Telecommunications.
© 2016 Springer International Publishing AG
Cite this paper
Adachi, D., Omote, K. (2016). A Host-Based Detection Method of Remote Access Trojan in the Early Stage. In: Bao, F., Chen, L., Deng, R., Wang, G. (eds) Information Security Practice and Experience. ISPEC 2016. Lecture Notes in Computer Science(), vol 10060. Springer, Cham. https://doi.org/10.1007/978-3-319-49151-6_8
DOI: https://doi.org/10.1007/978-3-319-49151-6_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49150-9
Online ISBN: 978-3-319-49151-6
eBook Packages: Computer Science, Computer Science (R0)