Advanced Persistent Threat Detection by Using Network Analysis
aptdetector is a humble try to gather all means of malware detection from network analysis in one place, for educational purposes only.
- used pcap-parser as the base for network analysis module
- use Cuckoo Sandbox as automated malware detection
aptdetector is tested against Python 3.4, 3.5, and PyPy. Full and extensive docs would be available at Read The Docs. See what's new by checking the CHANGELOG.
aptdetector can be added to a project in a few ways. There's the obvious one:
pip install aptdetector
Then, thanks to PyPI, aptdetector is just an import away:
However, due to the nature of utilities, application developers might dependencies. See the Integration section of the docs
Stage Zero is now completed. you can use v0.1.4 of software to test it:
from aptdetector.network.sniffer import BaseSniffer sni = BaseSniffer() sni.pcap_file='examples/test.pcap' sni.parse() sni.connections(source='22.214.171.124',show_port=True,simplify=True) sni.connections(destination='192.168.204.136',show_port=False,simplify=True)
you can check out the Stages if you want to get a sense of project roadmap.
Please do not use this program in production!! it's an educational project only.
I've based my work loosely on some respectful papers that i've linked below:
- Packet sniffing a brief introduction
- Persistent threats and how to monitor and deter them
- Effective and Efficient Malware Detection at the End Host
- Detecting APT Activity with Network Traffic Analysis
- Inspecting DNS Flow Traffic for Purposes of Botnet Detection
- BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection
- Panorama: Capturing System-Wide Information Flow for Malware Detection and Analysis
Found something missing in the in
aptdetector? something is broken in
If you are very motivated, submit a Pull Request. Otherwise,
submit a short feature request on the Issues page, and we will
figure something out.