Novel approach against cyber attacks
Armasuisse, together with ETH Zurich, has developed a new method to detect targeted cyber attacks on IT networks. The method supports the national strategy to protect Switzerland against cyber risks.
Government agencies and companies are increasingly threatened by cyber attackers whose goal is to steal sensitive data. The recent attack on Ruag is a typical example of such an attack. The attackers infected an internal company PC and then used it to analyze the internal IT network and steal massive amounts of data.
Attacks of this kind, known as APTs (Advanced Persistent Threats), are very difficult to detect with current security solutions. It often takes months or years for an organization to realize that attackers have infiltrated its IT network.
Vincent Lenders (armasuisse Science and Technology) and Pavlos Lamprakis, Ruggiero Dargenio, David Gugelmann, Markus Happe and Laurent Vanbever (ETH Zurich) have developed a novel method that detects communication channels between malware on infected PCs and the attackers' control servers. The presented approach can detect HTTP-based communication channels (C&C channels) of regular and APT malware within a few hours.
The publication "Unsupervised Detection of APT C&C Channels using Web Request Graphs" will be presented at the DIMVA conference in Bonn in early July. The work is the result of a research project between armasuisse and the Zurich Information Security and Privacy Center (ZISC) at ETH Zurich. The work supports the National Strategy for the Protection of Switzerland against Cyber Risks (NCS).
The DIMVA conference was established 14 years ago and is organized by the Special Interest Group Security - Intrusion Detection (SIDAR) and the Gesellschaft für Informatik (GI). The conference is considered one of the leading conferences in the field of intrusion and malware detection and vulnerability analysis. Every year, international experts from academia, industry and government agencies meet there to exchange their research results.
Press release armasuisse