The Treatment of Advanced Persistent Threats on Windows Based Systems

Bentley, Peter (2021) The Treatment of Advanced Persistent Threats on Windows Based Systems. PhD thesis, University of Gloucestershire. doi:10.46289/CPAQ6617

[img]
Preview
Text (Final Thesis)
10332_P_ Bentley_ PhD_ Thesis_The_Treatment_of_Advanced_Persistent_Threats_on_Windows_Based_Systems.pdf - Accepted Version
Available under License All Rights Reserved.

Download (40MB) | Preview

Abstract

Advanced Persistent Threat (APT) is the name given to individuals or groups who write malicious software (malware) and who have the intent to perform actions detrimental to the victim or the victims' organisation. This thesis investigates ways in which it is possible to treat APTs before, during and after the malware has been laid down on the victim's computer. The scope of the thesis is restricted to desktop and laptop computers with hard disk drives. APTs have different motivations for their work and this thesis is agnostic towards their origin and intent. Anti-malware companies freely present the work of APTs in many ways but summarise mainly in the form of white papers. Individually, pieces of these works give an incomplete picture of an APT but in aggregate it is possible to construct a view of APT families and pan-APT commonalities by comparing and contrasting the work of many anti-malware companies; it as if there are alot of the pieces of a jigsaw puzzle but there is no box lid available with the complete picture. In addition, academic papers provide proof of concept attacks and observations, some of which may become used by malware writers. Gaps in, and extensions to, the public knowledge may be filled through inference, implication, interpolation and extrapolation and form the basis for this thesis. The thesis presents a view of where APTs lie on windows-based systems. It uses this view to create and build generic views of where APTs lie on Hard Disc Drives on Windows based systems using the Lockheed Martin Cyber Kill Chain. This is then used to treat APTs on Windows based IT systems using purpose-built software in such a way that the malware is negated by. The thesis does not claim to find all malware on but it demonstrates how to increase the cost of doing business for APTs, for example by overwriting unused disc space so APTs cannot place malware there. The software developed was able to find Indicators of Compromise on all eight Hard Disc Drives provided for analysis. Separately, from a corpus of 228 files known to be associated with malware it identified approximately two thirds as Indicators of Compromise.

Item Type: Thesis (PhD)
Thesis Advisors:
Thesis AdvisorEmailURL
Bechkoum, Kamalkbechkoum@glos.ac.ukhttps://www.glos.ac.uk/staff/profile/kamal-bechkoum/
Thomas, Paulapthomas2@glos.ac.ukUNSPECIFIED
Uncontrolled Keywords: Windows Based Systems; Advanced Persistent Threat (APT); Malware; Cyber security
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Divisions: Schools and Research Institutes > School of Computing and Engineering
Depositing User: Susan Turner
Date Deposited: 05 Nov 2021 11:23
Last Modified: 19 Nov 2021 15:39
URI: https://eprints.glos.ac.uk/id/eprint/10332

University Staff: Request a correction | Repository Editors: Update this record

University Of Gloucestershire

Bookmark and Share

Find Us On Social Media:

Social Media Icons Facebook Twitter Google+ YouTube Pinterest Linkedin

Other University Web Sites

University of Gloucestershire, The Park, Cheltenham, Gloucestershire, GL50 2RH. Telephone +44 (0)844 8010001.