Abstract

APT (Advanced Persistent Threat) attacks have been increasing in recent years. APT attackers usually use malware called a RAT (Remote Access Trojan) to access and control computers by stealth. RAT intrusion methods have been refined, and it is extremely difficult to prevent infection beforehand. Hence, an approach that detects RAT infection at an early stage after infection is important. However, existing early detection methods for RATs have two drawbacks: (1) in some circumstances they do not achieve early detection; (2) their evaluation experiments do not consider RAT-like healthy software (e.g., system-related software and antivirus software). In this paper, we propose a RAT detection method based on a new mechanism of early detection. Our evaluation experiments show that the proposed method can distinguish between RATs and RAT-like healthy software with great accuracy.
