armasuisse – ETH Zurich team presents novel approach to identifying targeted cyber attacks

Bern, 12.06.2017 - armasuisse Science and Technology and ETH Zurich have developed a new method for detecting targeted cyber attacks on IT networks. This is contributing to the national strategy for protecting Switzerland against cyber risks (NCS).

Government offices and companies are increasingly threatened by cyber attackers intent on stealing sensitive data. The recent attack on RUAG is a typical example of such an attack. The hackers infected one of the company's PCs and then used it to analyse the inhouse IT network and steal a large volume of data.
Such «Advanced Persistent Threat (APT)» attacks are very difficult to detect using conventional security solutions. It often takes months or years until an organisation realises that intruders have infiltrated their IT network.

Vincent Lenders (armasuisse Science and Technology) and Pavlos Lamprakis, Ruggiero Dargenio, David Gugelmann, Markus Happe and Laurent Vanbever (ETH Zurich) have developed a novel method for detecting the communication channels between malware on infected PCs and the hackers’ command-and-control servers. The approach used is able to identify HTTP-based communication channels (C&C channels) of regular and APT malware in the space of just a few hours.

The publication «Unsupervised Detection of APT C&C Channels using Web Request Graphs» will be presented in Bonn at the DIMVA conference at the beginning of July. The work is the result of a research project that brought together armasuisse Science and Technology and the Zurich Information Security and Privacy Center (ZISC) of ETH Zurich. This work is supporting the national strategy for protecting Switzerland against cyber risks (NCS).

The DIMVA conference was founded 14 years ago and is organised by the Special Interest Group Security – Intrusion Detection (SIDAR) and the German Informatics Society (Gesellschaft für Informatik – GI). The conference is regarded as one of the leading conferences on intrusion and malware detection and for the analysis of weak points. Each year, it provides a forum at which international experts from science, industry and government bodies can meet to discuss their research findings.

Address for enquiries

Kaj-Gunnar Sievert
Head of Communications armasuisse
058 464 62 47


Federal Department of Defence, Civil Protection and Sports