Advanced Persistent Threat Detection using Malware Infection

APT (Advanced Persistent Threat) is a genuine risk to the Internet. With the help of APT malware, attackers can remotely control infected machine and steal the personal information. DNS is well known for malware to find command and control (C & C) servers. The proposed novel system placed at the network departure guide that points toward effectively and efficiently detect APT malware infections based on malicious DNS and traffic analysis. To detect suspicious APT malware C & C domains the system utilizes malicious DNS analysis method, and afterward analyse the traffic of the comparing suspicious IP utilizing anomaly-based and signature based detection innovation. There are separated features in view of big data to describe properties of malware-related DNS. This manufactured a reputation engine to compute a score for an IP address by utilizing these elements vector together.