Vincent Lenders (armasuisse science and technology), Pavlos Lamprakis, Ruggiero Dargenio, David Gugelmann, Markus Happe and Laurent Vanbever (ETH Zurich) developed a novel approach for the identification of targeted cyber attacks. Their approach supports the national strategy for Switzerland’s protection against cyber risks (NCS).
Cyber attacks targeting sensitive information are an increasing threat to governmental administrations as well as companies. The recent attack against RUAG is a typical example for such Advanced Persistent Threats (APTs). As a protection measure against APTs, the researchers developed a novel approach to identify the hidden control channels used to orchestrate the malware deployed by attackers. The presented approach detects HTTP-based C&C-channels of APT malware which can cause significant damage within hours.
The publication “Unsupervised Detection of APT C&C Channels using Web Request Graphs” will be presented at the renowned DIMVA conference in July 2017. A pre-print of the paper is available online.
The work is the result of a collaboration between armasuisse Science and Technology and the Zurich Information Security and Privacy Centers (ZISC) at ETH Zurich.
See also related release from armasuisse.