APTGuard: Advanced persistent threat (APT) detections and predictions using android smartphone

Abstract

Advanced Persistent Threat (APT) is an attack aim to damage the system’s data from the aspect of confidentiality and integrity. APT attack has several variants of attacks such social engineering techniques via spear phishing, watering hole and whaling. APTGuard exhibits the ability to predict spear phishing URLs accurately using ensemble learning that combines decision tree and neural network. The URL is obtained from the SMS content received on the smart phones and sent to the server for filtering, classifying, logging and finally informing the administrator of the classification outcome. APTGuard can predict and detect APT from spear phishing but it does not have the ability of automated intervention on the user receiving the spear phishing URL. As a result, APTGuard is capable to extract the features of the URL and then classify it accordingly using ensemble learner which combines decision tree and neural network accurately.