Advanced Persistent Threat Detector: Shyam Prakash RS 17MZ08 I Year M.E. CSE
REPORT – 2
Submitted By
Shyam Prakash RS
17MZ08
I Year M.E. CSE
ADVANCED PERSISTENT THREAT
An advanced persistent threat (APT) is a growing danger to all computer systems, and is
more harmful than other malware and viruses because of its behaviour and its ability to
remain undetected by antivirus software.
So, identifying its presence on any internet-enabled computer is essential and should be
done as soon as possible. This proposed tool has a simple user interface with which the
user can check for the presence of an APT by browsing any URL and checking for
redirections to malicious and anonymous sites.
Steps :
1. The outgoing network traffic of the system to be checked is captured and exported by
Wireshark. Wireshark is a free and open-source packet analyser: a data-capturing program
that understands the structure of different networking protocols.
2. The captured packets are exported into plain text files (*.txt format).
3. A sample of the capture data with which the application works, used to identify the
threat-affected personal computer, is shown below.
Frame 1: 157 bytes on wire (1256 bits), 157 bytes captured (1256 bits) on interface 0
IPv6mcast_01:00:02 (33:33:00:01:00:02)
4. The fields src and dst denote the source and destination of the network traffic. Using
the IP address in the dst field, the actual redirection that occurs on the system in
response to the user's request can be identified.
5. When the redirection is unintentional and leads to a malicious site, the user is
identified as using an affected personal computer.
7. When the user generates the test report, the user is warned about the malicious
redirections and the URLs are listed.
8. The attacker may add new URLs for redirection to serve his/her purpose. Therefore,
updating the list of malicious URLs is necessary. This update of the list of malicious
URLs is done by providing regular product updates.
9. The user can run a test or perform an update only after logging in to the application,
to prevent misuse and the generation of false reports.
Login Screen
2. Exporting in text format requires every line of the character stream to be searched in
order to identify the destination field, which in turn identifies a malicious destination URL.
The above function splits the string starting from the word dst, which denotes the
destination IP address.
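Steps 1 to 5 above and the dst-splitting function describe the core check: read the Wireshark text export, pull out each packet's destination and compare it with the malicious list. The class below is an added example, not the report's own code; the export lines and the blocklist addresses are constructed, and it keys on the IP-layer "Dst:" field rather than the Ethernet-layer one (the IPv6mcast line in the sample above is a MAC destination, not a site).

```java
import java.util.*;
import java.util.regex.*;

/** Added example: extract IP-layer destinations from a Wireshark plain-text export
 *  and flag the ones on a blocklist. Not the report's code. */
public class DstScanner {
    // The Ethernet line also carries a "Dst:" field (a MAC address), so only lines
    // of the IP layer are considered. Case-insensitive because the report says "dst".
    private static final Pattern IP_DST = Pattern.compile(
        "^Internet Protocol.*?\\bDst: ([0-9a-fA-F.:]+)", Pattern.CASE_INSENSITIVE);

    /** Return the IP destination of every packet block, in capture order. */
    public static List<String> extractDestinations(String exportText) {
        List<String> dsts = new ArrayList<>();
        for (String line : exportText.split("\\R")) {
            Matcher m = IP_DST.matcher(line.trim());
            if (m.find()) dsts.add(m.group(1));
        }
        return dsts;
    }

    /** Destinations that appear in the malicious list, without duplicates. */
    public static Set<String> flagged(List<String> dsts, Set<String> blocklist) {
        Set<String> hits = new LinkedHashSet<>();
        for (String d : dsts) if (blocklist.contains(d)) hits.add(d);
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample in the layout of Wireshark's "Export Packet Dissections > As Plain Text".
        String sample = String.join("\n",
            "Frame 1: 157 bytes on wire (1256 bits), 157 bytes captured (1256 bits) on interface 0",
            "Ethernet II, Src: 00:11:22:33:44:55 (00:11:22:33:44:55), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)",
            "Internet Protocol Version 6, Src: fe80::1, Dst: ff02::1:2",
            "Frame 2: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0",
            "Ethernet II, Src: 00:11:22:33:44:55 (00:11:22:33:44:55), Dst: 00:aa:bb:cc:dd:ee (00:aa:bb:cc:dd:ee)",
            "Internet Protocol Version 4, Src: 192.168.1.10, Dst: 203.0.113.45");
        // Constructed blocklist (documentation-range addresses); the tool would load
        // this from its updatable malicious-URL list instead.
        Set<String> blocklist = new HashSet<>(Arrays.asList("203.0.113.45", "198.51.100.9"));
        List<String> dsts = extractDestinations(sample);
        System.out.println("Destinations: " + dsts);   // [ff02::1:2, 203.0.113.45]
        System.out.println("Flagged: " + flagged(dsts, blocklist));   // [203.0.113.45]
    }
}
```

Because the export carries IP addresses, the malicious list the tool updates must hold resolved addresses (or be resolved at check time), not only URL hostnames, or every comparison will miss.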
import java.awt.*;
import java.awt.event.*;

// Login dialog of the tool. The class header, fields, imports and actionPerformed
// are reconstructed so that the fragment compiles; the report does not show how
// the entered credentials are checked.
class MyLogin extends Dialog implements ActionListener {
    TextField userid, password;
    Button ok, can;

    MyLogin(Frame frame) {
        super(frame, "Login", true);          // modal dialog owned by the main frame
        setLayout(new FlowLayout());
        userid = new TextField(15);
        password = new TextField(15);
        password.setEchoChar('*');            // mask the password as it is typed
        add(new Label("UserID :"));
        add(userid);
        add(new Label("Password :"));
        add(password);
        addOKCancelPanel();
        createFrame();
        pack();
        setVisible(true);
    }

    void addOKCancelPanel() {
        Panel p = new Panel();
        p.setLayout(new FlowLayout());
        createButtons(p);
        add(p);
    }

    void createButtons(Panel p) {
        p.add(ok = new Button("Login"));
        ok.addActionListener(this);
        p.add(can = new Button("Cancel"));
        can.addActionListener(this);
    }

    void createFrame() {
        // Place the dialog in the upper-left part of the screen
        Dimension d = getToolkit().getScreenSize();
        setLocation(d.width / 4, d.height / 3);
    }

    public void actionPerformed(ActionEvent e) {
        if (e.getSource() == can) {
            dispose();                        // Cancel closes the dialog
        }
        // The Login button's credential check is not shown in the report.
    }
}
// Applet entry point (NetBeans JApplet template). The method header and the
// try/catch around the look-and-feel loop are reconstructed; setLookAndFeel
// throws checked exceptions, so the loop cannot stand in a bare block.
public void init() {
    /* Use the Nimbus look and feel when it is installed */
    try {
        for (javax.swing.UIManager.LookAndFeelInfo info :
                javax.swing.UIManager.getInstalledLookAndFeels()) {
            if ("Nimbus".equals(info.getName())) {
                javax.swing.UIManager.setLookAndFeel(info.getClassName());
                break;
            }
        }
    } catch (Exception ex) {
        ex.printStackTrace();
    }
    /* Create and display the applet */
    try {
        java.awt.EventQueue.invokeAndWait(new Runnable() {
            public void run() {
                initComponents();   // NetBeans-generated component setup
            }
        });
    } catch (Exception ex) {
        ex.printStackTrace();
    }
}
.addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jLabel2, javax.swing.GroupLayout.PREFERRED_SIZE, 105,
javax.swing.GroupLayout.PREFERRED_SIZE)
.addComponent(jTextField1, javax.swing.GroupLayout.PREFERRED_SIZE, 188,
javax.swing.GroupLayout.PREFERRED_SIZE))))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 14,
Short.MAX_VALUE)
.addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING,
jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
.addGroup(jPanel1Layout.createSequentialGroup()
.addGap(33, 33, 33)
.addComponent(jButton2, javax.swing.GroupLayout.PREFERRED_SIZE, 116,
javax.swing.GroupLayout.PREFERRED_SIZE)
.addGap(29, 29, 29))
.addGroup(jPanel1Layout.createSequentialGroup()
.addComponent(jButton3, javax.swing.GroupLayout.DEFAULT_SIZE,
javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addContainerGap()))
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING,
jPanel1Layout.createSequentialGroup()
.addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, 168,
javax.swing.GroupLayout.PREFERRED_SIZE)
.addContainerGap())))
);
jPanel1Layout.setVerticalGroup(
jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(jPanel1Layout.createSequentialGroup()
.addContainerGap()
.addComponent(jLabel1, javax.swing.GroupLayout.PREFERRED_SIZE, 37,
javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING,
false)
.addComponent(jTextField1)
.addComponent(jButton3, javax.swing.GroupLayout.DEFAULT_SIZE, 52,
Short.MAX_VALUE))
.addGap(36, 36, 36)
.addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jLabel2, javax.swing.GroupLayout.PREFERRED_SIZE, 39,
javax.swing.GroupLayout.PREFERRED_SIZE)
.addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, 47,
javax.swing.GroupLayout.PREFERRED_SIZE))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 118,
Short.MAX_VALUE)
.addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jButton1)
.addComponent(jButton2)
.addComponent(jButton4))
.addGap(21, 21, 21))
);