A Key Skill for Malware Analysis and Threat Hunting
Table of Contents
Professional Credibility and Job Retention
What is Attack Pattern Matching (APM)?
Example of an APM signature
Problems when working on a project
  Technical
  People
    a. Different schedule
    b. Not going in the same direction
Resources/Technologies
  Step 1
  Step 2
  Step 3
  Step 4
Conclusion and future work
Acknowledgments

Attack Pattern Matching (APM) and writing a signature to detect and track a threat are extremely valuable, required and desirable skills for malware analysis and threat hunting, as well as for incident response and security posture. If someone understands and is able to write an APM signature using a programming language such as Python, bash scripting or C++, these skills will help them become a successful malware analyst as well as a reverse engineer.

Professional Credibility and Job Retention

Having strong skills is the key element of professional strength: it secures your current job and shows your employer that you are the right fit for the organization, and organizations always want to keep such people at any cost. Skills like APM are among the most in-demand skills that every company looks for when analyzing malware.

What is Attack Pattern Matching (APM)?

Attack Pattern Matching (APM) is a generic and open signature algorithm that lets you describe relevant log events in a simple way. The rule format is very flexible, easy to write and applicable to any type of log file. The main objective is to define and design a set of rules that identify different attack patterns, in the form of rules for files and network traffic (MVS GROUP INTERNSHIP DOC). To the best of our knowledge and understanding, signature generation using the Attack Pattern Matching (APM) technique is a new concept.
There is a similar signature generation tool, YARA rules, which is used for threat detection, but the problem with that method is that it is slow: processing 10TB of log files takes hours with YARA rules/signatures. APM signatures, by contrast, take much less time to process the same amount of logs.

Example of an APM signature

A sample APM signature has the following fields:
Title:
Description: describe the rule in one or two sentences.
Author: give yourself credit.
References: list the sources you referred to.
Journal Source: indicate what type of journal you think it is.
Detection: unique identifiers or patterns.

Problems when working on a project

Technical

a. Lack of available information: Attack Pattern Matching (APM) is a relatively new approach to threat hunting and to securing systems and networks against outside attacks.

Solution: As mentioned above, APM is a new concept in threat hunting. We did not find enough material for our project and could not go any further. At this point our teacher provided the best advice and encouragement to proceed in the right way. The other most important factor that motivated us, started our journey and enabled us to design our project roadmap was the workshop led by Mr. Ali. He provided us with the knowledge and tools necessary to complete our capstone project within a very short time frame.

b. Lack of programming skills: Attack Pattern Matching (APM) requires programming skills to generate signatures.

Solution: Malware analysis and signature writing require basic knowledge of programming languages. We both have a background in programming, but we have not worked for a long time in an environment where writing and reading code is the main job. We both took this problem as a challenge and started refreshing our programming skills by reading, watching videos and using all available resources to reach the required skill level.

People

a. Different schedule

Solution: We are both married and have responsibilities for our dependents.
After school hours it was very difficult to sit together and work on our project. It was very difficult to stick to a common timeline for the project, but after some difficulty we managed to find a timeline that was acceptable to both of us.

b. Not going in the same direction

Solution: While working on the project, we found that sometimes we were going in different directions. In this situation we were always respectful of each other and openly listened to the other's point of view. This strategy helped us work in the same direction.

Resources/Technologies

During the project we used only free open-source software/tools to analyze the log files and generate APM signatures. The software, tools and websites are listed as follows:
- Log files provided by MVS Group
- Notepad++
- MS Excel
- MS Word
- Windows 10 host machine
- VMware Workstation 15 Pro
- Windows 7 VM
- Windows 10 VM
- Red Hat Linux VM
- Bash scripting
- VirusTotal (website)
- AlienVault OTX (website)
- URL decode/encode (website)
- Critical Log Review Cheat Sheet by SANS (website)

Design and Implementation

In this section we provide a detailed explanation of the preparation steps and the design and implementation phase of the capstone project.

Step 1: The first step is to build the machines required to carry out the capstone project. As mentioned in the resources section, we use VMware Workstation 15 for virtualization and Windows 10 as the host machine. We created the following three virtual machines using trial builds:
- Windows 7 VM
- Windows 10 VM
- Red Hat Linux VM

Step 2: The second step is to analyze the log file provided by the MVS group using Notepad++, Microsoft Excel and Microsoft Access. The main goal of log analysis is to find suspicious logs, for example logs with suspicious IP addresses, URLs, DNS names, file paths, ports, specific strings, etc.

Step 3: The next step is to analyze the suspicious logs and the information attached to them.
There are several paid tools available to analyze suspicious logs, but in our case we basically use two websites for our research: VirusTotal and AlienVault OTX. We also used Google extensively during our research to analyze suspicious logs. Additionally, we wrote a bash script to filter suspicious logs by supplying malicious keywords, including IP addresses, URLs, DNS names, file paths, ports, specific strings, etc. The bash script detects malicious logs from the supplied strings and saves time. Interestingly, we can get a head start in our work by automating the search for malicious logs by VirusTotal and..
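The following is an added example, not the capstone project's own script. It ties together the two pieces described on this page: a rule written in the Title/Description/Author/References/Detection layout from the signature template, and a bash filter of the kind described in Step 3 that extracts the Detection indicators from the rule and greps a log file for them in one pass. The file names (`suspicious_download.apm`, `mixed.log`), the rule contents, the log lines (using the 198.51.100.x and 203.0.113.x documentation ranges) and the function names (`apm_title`, `apm_detection_patterns`, `apm_scan`, `apm_hit_count`) are all constructed for the demo; the page does not define the syntax of the Detection field, so the example assumes each line under `Detection:` is one fixed-string indicator (IP address, URL path, file path, port or plain string).

```shell
#!/usr/bin/env bash
# Added example, not the project's script. Assumption: every line under
# "Detection:" in the rule is one fixed-string indicator. All file names,
# rule lines, log lines and function names below are constructed for the demo.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
RULE="$WORK/suspicious_download.apm"   # constructed rule file
LOGS="$WORK/mixed.log"                  # constructed log file

# Constructed rule in the template's layout (the "Journal Source" field is omitted).
cat > "$RULE" <<'EOF'
Title: Suspicious executable download (demo rule)
Description: Flags log lines that reference a known-bad host, an executable dropped in a public temp folder, or a non-standard port.
Author: example author (placeholder)
References: internal log review notes (placeholder)
Detection:
  203.0.113.45
  /update/payload.exe
  C:\Users\Public\temp\
  :4444
EOF

# Constructed log lines; 198.51.100.x and 203.0.113.x are documentation ranges.
cat > "$LOGS" <<'EOF'
2024-03-01T09:15:02Z proxy 198.51.100.7 GET http://intranet.example/index.html 200
2024-03-01T09:15:40Z proxy 198.51.100.7 GET http://203.0.113.45/update/payload.exe 200
2024-03-01T09:16:11Z proxy 198.51.100.9 GET http://cdn.example/site.css 200
2024-03-01T09:17:05Z proxy 198.51.100.9 CONNECT 203.0.113.45:4444 200
2024-03-01T09:18:30Z host 198.51.100.12 file-create C:\Users\Public\temp\run.bat
EOF

# Print the rule title (the text after "Title:").
apm_title() {
  sed -n 's/^Title:[[:space:]]*//p' "$1" | head -n 1
}

# Print the indicators listed under "Detection:", one per line, leading blanks stripped.
apm_detection_patterns() {
  awk '/^Detection:/ { found = 1; next }
       found && NF    { sub(/^[ \t]+/, ""); print }' "$1"
}

# Scan a log file against one rule; print each matching line tagged with the rule title.
apm_scan() {
  rule="$1"; log="$2"
  patterns="$WORK/patterns.txt"
  apm_detection_patterns "$rule" > "$patterns"
  # grep -F: indicators are fixed strings, so dots, colons and backslashes stay literal.
  # -f: read every indicator from the extracted list and match them in a single pass.
  grep -F -f "$patterns" "$log" | awk -v tag="$(apm_title "$rule")" '{ print "[" tag "] " $0 }'
}

# Number of log lines hit by the rule (a line counts once even if several indicators match).
apm_hit_count() {
  apm_scan "$1" "$2" | wc -l | tr -d ' '
}

apm_scan "$RULE" "$LOGS"
echo "hits: $(apm_hit_count "$RULE" "$LOGS")"   # hits: 3
```

Keeping the indicators in the rule file rather than hard-coding them in the script means a new rule is a new text file, and the same one-pass `grep -F -f` handles IPs, paths and ports alike without any regex escaping; this is the part that turns a keyword grep into a reusable signature.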