Yunfei Su, Mengjun Li, Chaojing Tang, Rongjun Shen
Title: APT Detection with Concolic Execution
Authors: Yunfei Su, Mengjun Li, Chaojing Tang, Rongjun Shen
DOI: 10.14257/IJHIT.2017.10.7.01 (https://doi.org/10.14257/IJHIT.2017.10.7.01)
Journal: International Journal of Hybrid Information Technology, volume 60 1, pages 0
Publication date: 2017-07-31
Publication type: Journal Article
Open access: no
Indexing platform: Semanticscholar
Citations: 0
Abstract
An advanced persistent threat (APT) is a sophisticated cyber-attack that has attracted a great deal of attention from security researchers. Traditional defense measures based on signature matching, such as antivirus products and IDS/IPS, are insufficient to detect APTs. Concolic (a portmanteau of CONCrete and symbOLIC) execution is a hybrid software verification technique that combines concrete and symbolic execution and could be used for APT detection. In this paper, we propose a framework for APT detection that includes a network traffic redirection module, a user agent, a reconstruction module, a dynamic analysis module and a response module. With the help of concolic execution in the dynamic analysis module, the framework could detect APT attacks more effectively and accurately than current defense systems. We provide a detailed example to illustrate how the framework works against APT attacks, especially passive attacks.