aptdetector

Advanced Persistent Threat Detection by Using Network Analysis

aptdetector is a humble attempt to gather all means of malware detection from network analysis in one place, for educational purposes only. What has been done so far:

* Network Sniffer: sniffs the network for passing URLs and files

APTDetector is tested against Python 3.4, 3.5, and PyPy.

See what’s new by checking the CHANGELOG.

Installation

APTDetector can be added to a project in a few ways. There’s the obvious one:

pip install aptdetector

Then, aptdetector is just an import away:

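from aptdetector.network.sniffer import URLSniffer

# Create a sniffer instance and point it at a capture file
sniffer = URLSniffer()
sniffer.pcap_file = 'sample.pcap'

# List the connections made by one source host, with ports shown
sniffer.connections(source='10.66.133.90', simplify=True, show_port=True)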

However, due to the nature of utilities, application developers might dependencies. See the Integration section of the docs.
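What a sniffer that pulls URLs out of a capture file has to do, as an added standard-library example that is not aptdetector's own code: it walks a classic pcap, decodes Ethernet/IPv4/TCP, and rebuilds the URL of each plain-HTTP request, optionally filtered by source address. The names `build_sample_pcap` and `http_urls` are hypothetical, the capture is constructed inline, and it assumes each request fits in one TCP segment (no stream reassembly).

```python
import socket
import struct

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4/TCP frame carrying an HTTP GET."""
    http = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 0, 0, 64, 6, 0,
                     socket.inet_aton("10.66.133.90"),
                     socket.inet_aton("192.0.2.10"))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + http
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return global_hdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def http_urls(pcap, source=None):
    """Return [(src_ip, url)] for HTTP requests found in a classic pcap."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    urls, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        tcp_off = 14 + ihl
        if frame[14] >> 4 != 4 or frame[23] != 6 or len(frame) < tcp_off + 20:
            continue  # not TCP, or truncated header
        src = socket.inet_ntoa(frame[26:30])
        payload = frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:]
        lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        request = lines[0].split(" ")
        if len(request) != 3 or not request[2].startswith("HTTP/"):
            continue  # payload does not start with an HTTP request line
        host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith("host:")),
                    socket.inet_ntoa(frame[30:34]))  # fall back to dst IP
        if source in (None, src):
            urls.append((src, "http://" + host + request[1]))
    return urls

if __name__ == "__main__":
    for src, url in http_urls(build_sample_pcap(), source="10.66.133.90"):
        print(src, url)
```

The extracted host and path come straight from captured traffic, so treat them as untrusted data when logging or displaying them.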

Disclaimer

Please do not use this program in production!! It’s an educational project only.

Gaps

Found something missing in aptdetector? Is something broken in aptdetector? First, take a moment to read the very brief Architecture statement to make sure the functionality would be a good fit.

Then if you are very motivated, submit a Pull Request. Otherwise, submit a short feature request on the Issues page, and we will figure something out.
