Detailed Information


A study on effective outer document flow based on dast for APT response

Authors
Kim, Jong Pil; Na, Onechul; Yu, Harang; Hong, Giwan; Chang, Hangbae
Issue Date
Aug-2020
Publisher
ICIC International
Keywords
Advanced Persistent Threat (APT); Detection technology; Document Attachment Sanitization Technology (DAST); Malicious code; Spreading course of malicious code
Citation
ICIC Express Letters, v.14, no.8, pp 821 - 827
Pages
7
Journal Title
ICIC Express Letters
Volume
14
Number
8
Start Page
821
End Page
827
URI
https://scholarworks.bwise.kr/cau/handle/2019.sw.cau/43928
DOI
10.24507/icicel.14.08.821
ISSN
1881-803X
Abstract
The Advanced Persistent Threat (APT) is a method of social engineering that refers to a meticulous attack using a precisely chosen attack target and a sophisticated program, and it is rapidly increasing amid the continuous progress and development of commercial detection technology. Accordingly, in this research, a Document Attachment Sanitization Technology (DAST) based technology that renders documents harmless through content reconstitution is established and implemented by analyzing the types of malicious code, attack methods, etc.; precedent research analyzing these was also investigated. Whereas existing technology can only perform simple signature comparison or detect known malicious code, the technology proposed in this study is able to respond actively and quickly to new malicious code that uses techniques such as concealment, bypass, and latency. DAST is a technology with a new perspective of interpretation and a differentiated access method. It is applicable to documents that flow from the exterior to the interior through various types of channels, and it reconstructs each document after extracting the safe contents, and is therefore able to respond preemptively and actively to APT attacks. This study suggested a solution that can improve on the limitations of existing detection technology; however, its detection is limited by damage to the original document during the process of document reconstitution and by unsupported extensions, and additional study is therefore required in the future. © 2020 ICIC International. All rights reserved.
Files in This Item
There are no files associated with this item.
Appears in
Collections
College of Business & Economics > Department of Industrial Security > 1. Journal Articles

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Chang, Hang Bae
College of Business & Economics (Department of Industrial Security)