HTTP-Based APT Malware Infection Detection Using URL Correlation Analysis

NRL's URL: http://www.nrl.navy.mil/

HTTP header heuristics for malware detection

Sophisticated!malware,!such!as!those!used!by!Advanced!Persistent!Threat!(APT)! groups,!will!attempt!to!avoid!detection!wherever!and!whenever!it!can.!However,! even!the!stealthiest!malware!will!have!to!communicate!at!some!point,!and!when!it! does!so,!it!provides!an!opportunity!for!detection.!This!paper!looks!at!a!number!of! techniques!to!identify!the!presence!of!malware!which!attempts!to!masquer...

Detection of APT Malware through External and Internal Network Traffic Correlation

This master thesis presents overview on advanced persistent threat (APT) definition and explanation of it. One of the most dangerous APT named: ”Snake” will be presented along with other similar APT’s. Various virtual environments like e.g. VirtualBox will be investigated in order to understand how APT malware behaves in these environments. The central focus of this master thesis lies on detect...

HTTP attack detection using n-gram analysis

HTTP Attack Detection using N-gram Analysis by Adityaram Oza Previous research has shown that byte level analysis of HTTP traffic offers a practical solution to the problem of network intrusion detection and traffic analysis. Such an approach does not require any knowledge of applications running on web servers or any pre-processing of incoming data. In this project, we apply three ngram based ...

Permission based Malware Analysis & Detection in Android

Android being a leading and the most popular operating system for smart phones and tablets, has also become a prime target for the attackers due to its growing users and it being an open source platform. This document describes the work done in detecting malware in the Android platform by performing static analysis on the permission based framework in Android platform. In our work, we have extr...