Real-life Targeted Attack, Malware Threat and Network Intrusion: Analysis, Detection, Defense and Recovery

PhD Thesis Proposal Defence


Title: "Real-life Targeted Attack, Malware Threat and Network Intrusion: 
Analysis, Detection, Defense and Recovery"

by

Mr. Anthony Cheuk Tung LAI


Abstract:

Real-life cyber-attack incident handling requires research and study to improve 
the capability of incident response, detection, and defense against threats 
including backdoor threats and ransomware attacks. In addition, by deploying 
realistic honeypots to deal with targeted and unknown attack vectors, we attempt 
to identify the attack vector an attacker uses within a network. In this thesis 
proposal, we propose setting up and integrating existing solutions to detect 
and defend against the threats mentioned above.

We propose a methodology called Target Attack Backdoor Malware Analysis and 
Attribution Matrix (TABMAX) to analyze a specific type of persistent module 
backdoor made for web servers, in order to accelerate analysis and incident 
response. We propose an incident response methodology matrix called the 
BackDoor Incident Response Model (BDIRM) to handle backdoor incidents 
effectively, thereby accelerating the eradication of the risk and impact of 
backdoors against organizations.

We propose RansomSOC, a Security Operations Center (SOC) framework specific to 
ransomware attack detection and response, to detect ransomware earlier, reduce 
the impact of a ransomware infection on the target systems, and prolong the 
survival time of critical data on servers and workstations during a ransomware 
attack. We propose a ransomware incident response model to address a gap in 
the literature and illustrate its application with a representative front-line 
ransomware incident response experience from one of our clients.

To mitigate these risks, realistic honeypots with a business context very 
similar to that of the real system are deployed to trap attackers.

Keywords: Cyberattack, targeted attack, incident response, backdoor, 
ransomware, honeypot


Date:			Friday, 27 May 2022

Time:			10:00am - 12:00noon

Zoom Meeting: 
https://us06web.zoom.us/j/5409309429?pwd=UlJKaDBWQTFITERxSGdMQzdsTzJaQT09

Committee Members:	Dr. Jogesh Muppala (Supervisor)
			Prof. Andrew Horner (Chairperson)
			Dr. Alex Lam
			Prof. Dimitris Papadias
			Dr. Shuai Wang


**** ALL are Welcome ****