APT Covert Tunnel Detection based on OpenVPN Identification

Qi-wei WU, Yong SHI, Zhi XUE
DOI: https://doi.org/10.3969/j.issn.1009-8054.2015.12.067
2015-01-01
Abstract: With the development of the Internet and information security, a new attack method has appeared: the APT (Advanced Persistent Threat). In the last stage of an APT, when the attacker wants to steal sensitive data from the victim network, a covert tunnel may be used. Virtual private networks (VPNs) are point-to-point connections across a private or public network such as the Internet. VPNs have always been considered safe in the past few years, but in fact they may also bring many potential security hazards. For example, an attacker may take advantage of a virtual private network and turn it into an APT covert tunnel for transmitting sensitive data. Given this double-edged sword, it is necessary to find a way to detect malicious virtual private networks and prevent APT covert tunnels from existing.