Detection of APT Malware through External and Internal Network Traffic Correlation

This master thesis presents overview on advanced persistent threat (APT) definition and explanation of it. One of the most dangerous APT named: ”Snake” will be presented along with other similar APT’s. Various virtual environments like e.g. VirtualBox will be investigated in order to understand how APT malware behaves in these environments. The central focus of this master thesis lies on detection of futuristic APT malware based on cross-referencing communication patterns in order to detect APT malware. A prototype detection tool will be created and tested in order to detect similar APT’s like Snake. Additionally a prototype malware will be supplied as well, which contain similar stealth communication techniques as the Snake APT malware. This prototype malware will be tested with the current state of commercial firewall applications in order to prove its effectiveness. In the end challenges and solutions will be presented for future research work.