Authors: Mohammed Jawed¹; Sriram Parameshwaran²; Nitesh Kumar³; Anand Handa³ and Sandeep Shukla³
Affiliations: ¹ International Atomic Energy Agency (IAEA), Austria; ² McAfee India Pvt Ltd, India; ³ C3i Hub, Indian Institute of Technology, Kanpur, India
Keyword(s):
Threat Categorization, Command-and-Control (C2) Communication, Pcap Files, Network Security, Threat Detection, Threat Mitigation, Machine Learning, RabbitMQ, User Interface, APIs, SQLite Database, Containerization, Scapy, Python, Rule Engine.
Abstract:
In today's digital world, network security is of utmost importance. Cyber-attacks are becoming more sophisticated and complex, making them increasingly difficult to detect and prevent. Command-and-Control (C2) communication is a common technique used by attackers to control infected hosts and steal sensitive information. Therefore, it is crucial to identify and categorize network threats accurately in order to prevent and mitigate cyber-attacks. However, traditional methods of threat categorization are often insufficient for identifying and classifying these communications. This work aims to develop a threat categorization tool based on C2 communication in archived or live-streamed .pcap files that can help organizations detect and respond to cyber threats more effectively. The resulting tool, ArkThor, whose name represents safety and strength, is a cutting-edge threat categorization engine designed to empower organizations to stay ahead of emerging threats in the cybersecurity landscape.