A Method of Monitoring and Detecting APT Attacks Based on Unknown Domains

Abstract

The increasing coverage of Internet has created opportunities and advantages for different aspects of society. However, there come new threats and challenges to information security. One of the typical types of attacks that has increasingly occurred is the APT attack (Advanced Persistent Threat). APT is dangerous with clear purposes. APT attacks employ different sophisticated methods and techniques attacking targets in order to steal confidential and sensitive information. In the past, hackers attacked information systems with personal and financial motives. However, there are nowadays other motives such as political ones and they are potentially backed by governments or nations. Nations that own advanced technologies such as United States, India, Russia, UK are also suffering from special purpose attacks. APT is an advanced type of attacks that consists of many stages and concrete strategies. Besides, techniques and technologies employed in APT attack are usually new and developed by hackers in order to break through the monitoring of security software. However, APT is normally implemented through concrete steps and stages. If one of the steps or stages fails, the entire APT attack will fail. This paper presents a method of detecting APT attacks based on monitoring accesses to unknown domains. This detection method results into high effectiveness in the initial stage of APT attacks.