Classification and Analysis of Malicious Code Detection Techniques Based on the APT Attack

• Published in: Applied sciences Vol. 13; no. 5; p. 2894
• Main Authors: Lee, Kyungroul, Lee, Jaehyuk, Yim, Kangbin
• Format: Journal Article
• Language: English
• Published: Basel MDPI AG 01.03.2023
• Subjects: Anti-virus software; APT attack; attack scenario; attack technique; Behavior; Big Data; Classification; Codes; Cybercrime; Cyberterrorism; Defense industry; detection technique; Embedded systems; Hard disks; Infections; Information management; malicious code; Malware; Security management; Servers; Spyware; Unmanned aerial vehicles; South Korea; Germany
• ISSN: 2076-3417; 2076-3417
• DOI: 10.3390/app13052894

According to the Fire-eye’s M-Trends Annual Threat Report 2022, there are many advanced persistent threat (APT) attacks that are currently in use, and such continuous and specialized APT attacks cause serious damages attacks. As APT attacks continue to be active, there is a need for countermeasures to detect new and existing malicious codes. An APT attack is a type of intelligent attack that analyzes the target and exploits its vulnerabilities. It attempts to achieve a specific purpose, and is persistent in continuously attacking and threatening the system. With this background, this paper analyzes attack scenarios based on attack cases by malicious code, and surveys and analyzes attack techniques used in attack cases. Based on the results of the analysis, we classify and analyze malicious code detection techniques into security management systems, pattern-based detection, heuristic-based detection, reputation-based detection, behavior-based detection, virtualization-based detection, anomaly detection, data analysis-based detection (big data-based, machine learning-based), and others. This paper is expected to serve as a useful reference for detecting and preventing malicious codes. Specifically, this article is a surveyed review article.