Advanced Persistent Threat Detection Performance Analysis Based on Machine Learning Models
Keywords: APT, APT Machine Learning, SVM, KNN, CNN
Abstract
Advanced Persistent Threats (APTs) present a serious threat to modern cyber security, prompting research into and evaluation of effective detection techniques. The ongoing development of APTs has motivated the investigation of novel strategies for preventing their malicious activities. The research presented here provides an in-depth investigation of machine learning-based APT detection techniques. APTs are explained at the outset, along with their features and the specifics of their attack models, and are further analysed by outlining their attack techniques and tactics. An extensive examination of APT attack detection strategies is covered in this study, with a focus on machine learning techniques. In the context of APT detection, Support Vector Machines (SVM), k-Nearest Neighbours (KNN), Deep Belief Networks (DBN), Decision Trees, and Convolutional Neural Networks (CNN) are considered. The underlying assumptions and applicability of each method for APT detection are evaluated. The performance study of these machine learning approaches is the main goal of this research. To facilitate this, the GiuseppeLaurenza/I_F_Identifier dataset is employed, which comprises a diverse range of network traffic scenarios. Different performance metrics, including precision, recall, F1-score, accuracy, true positive rate, and true negative rate, are employed to gauge the effectiveness of the detection techniques. The results unveiled in this study underline the superiority of Convolutional Neural Networks (CNN) over the other examined methods. The precision, recall, F1-score, accuracy, true positive rate, and true negative rate metrics collectively endorse CNN's prowess in accurately and comprehensively detecting APT attacks within network traffic. These findings not only contribute to the ongoing discourse on APT detection but also underscore the efficacy of CNNs in fortifying cyber security systems against sophisticated threats.
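The six metrics the abstract uses to rank the detectors are all ratios of one confusion matrix, and on APT data (very few positive flows) they disagree sharply. The following is an added example, not code from the paper, computing them over a constructed label set; `Metrics`, `evaluate` and the two "detectors" are assumptions for illustration and the sample is not drawn from the I_F_Identifier dataset.

```python
# Added example (not the paper's code): the six metrics the abstract uses to
# compare APT detectors, computed from binary labels (1 = APT, 0 = benign).
from dataclasses import dataclass


@dataclass(frozen=True)
class Metrics:
    precision: float
    recall: float   # the same quantity as the true positive rate (TPR)
    f1: float
    accuracy: float
    tpr: float
    tnr: float


def confusion_counts(y_true, y_pred):
    """Return (tp, tn, fp, fn); positive class is 1."""
    if len(y_true) != len(y_pred):
        raise ValueError("label and prediction lengths differ")
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == 1 and p == 1)
    tn = sum(1 for t, p in pairs if t == 0 and p == 0)
    fp = sum(1 for t, p in pairs if t == 0 and p == 1)
    fn = sum(1 for t, p in pairs if t == 1 and p == 0)
    return tp, tn, fp, fn


def _ratio(num, den):
    """Division that reports an undefined ratio (0/0) as 0.0."""
    return num / den if den else 0.0


def evaluate(y_true, y_pred) -> Metrics:
    tp, tn, fp, fn = confusion_counts(y_true, y_pred)
    precision = _ratio(tp, tp + fp)
    tpr = _ratio(tp, tp + fn)          # share of APT traffic actually caught
    tnr = _ratio(tn, tn + fp)          # share of benign traffic left alone
    f1 = _ratio(2 * precision * tpr, precision + tpr)
    accuracy = _ratio(tp + tn, tp + tn + fp + fn)
    return Metrics(precision, tpr, f1, accuracy, tpr, tnr)


# Constructed sample, not from the I_F_Identifier dataset: 2 APT flows in 20.
Y_TRUE = [1, 1] + [0] * 18
# Detector A flags nothing: accuracy 0.90 yet TPR 0.0, so it misses every APT.
PRED_A = [0] * 20
# Detector B catches both APT flows at the cost of one false positive.
PRED_B = [1, 1, 1] + [0] * 17
```

Accuracy alone would rank detector A as a 90% detector; TPR, recall and F1 expose that it never catches an APT, which is why the abstract reports all six metrics together.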
References
A. Asharani, S. Myneni, A. Chowdhary and D. Huang, "A Survey on Advanced Persistent Threats: Techniques, Solutions, Challenges, and Research Opportunities," IEEE Communications Surveys & Tutorials, vol. 21, no. 2, pp. 1851-1877, 2019.
Chu, Wen-Lin, Chih-Jer Lin, and Ke-Neng Chang. "Detection and Classification of Advanced Persistent Threats and Attacks Using the Support Vector Machine," Applied Sciences, Vol. 9, no. 21, 2019.
Yi-xi Xie, Li-xin Ji, Ling-shu Li, Zehua Guo, Thar Baker, “An adaptive defense mechanism to prevent advanced persistent threats,” Connection Science, Vol. 33, No. 2, pp. 359-379, 2020.
Zitong Li, Xiang Cheng, Lixiao Sun, Ji Zhang, Bing Chen, "A Hierarchical Approach for Advanced Persistent Threat Detection with Attention-Based Graph Neural Networks,” Security and Communication Networks, vol. 2021, 1-14.
Do Xuan, Cho, Dao, Mai Hoang, Nguyen and Hoa Dinh, “APT Attack Detection Based on Flow Network Analysis Techniques Using Deep Learning,” Journal of Intelligent & Fuzzy Systems, vol. 39, no. 3, pp. 4785-4801, 2020.
M. Marchetti, F. Pierazzi, M. Colajanni, and A. Guido, “Analysis of high volumes of network traffic for advanced persistent threat detection,” Computer Networks, vol. 109, pp. 127–141, 2016.
Wang, Guozhu, Yiwen Cui, Jie Wang, Lihua Wu, and Guanyu Hu, "A Novel Method for Detecting Advanced Persistent Threat Attack Based on Belief Rule Base," Applied Sciences, Vol. 11, No. 21, 2021.
M. Ussath, D. Jaeger, F. Cheng, and C. Meinel, “Advanced persistent threats: Behind the scenes,” in Information Science and Systems (CISS), 2016 Annual Conference on. IEEE, 2016, pp. 181–186.
P. Chen, L. Desmet, and C. Huygens, “A study on advanced persistent threats,” in IFIP International Conference on Communications and Multimedia Security. Springer, 2014, pp. 63–72.
A. K. Sood and R. J. Enbody, “Targeted cyber-attacks: a superset of advanced persistent threats,” IEEE Security & Privacy, vol. 11, no. 1, pp. 54–61, 2013.
P. Mell, K. Scarfone, and S. Romanosky, “Common vulnerability scoring system,” IEEE Security & Privacy, vol. 4, no. 6, 2006.
M. Lee and D. Lewis, “Clustering disparate attacks: mapping the activities of the advanced persistent threat,” Last accessed June, vol. 26, 2013.
F. Ullah, M. Edwards, R. Ramdhany, R. Chitchyan, M. A. Babar, and A. Rashid, “Data exfiltration: A review of external attack vectors and countermeasures,” Journal of Network and Computer Applications, 2018.
X. Wang, K. Zheng, X. Niu, B. Wu, and C. Wu, “Detection of command and control in advanced persistent threat based on independent access,” in Communications (ICC), 2016 IEEE International Conference on. IEEE, 2016, pp. 1–6.
L.-X. Yang, P. Li, X. Yang, and Y. Y. Tang, “Security evaluation of the cyber networks under advanced persistent threats,” IEEE Access, 2017.
H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda, “Panorama: capturing system-wide information flow for malware detection and analysis,” in Proceedings of the 14th ACM Conference on Computer and Communications Security. ACM, 2007, pp. 116–127.
N. Virvilis and D. Gritzalis, “The big four - what we did wrong in advanced persistent threat detection?” in Availability, Reliability and Security (ARES), 2013 Eighth International Conference on. IEEE, 2013, pp. 248–254.
Z. Xu, S. Ray, P. Subramanyan, and S. Malik, “Malware detection using machine learning based analysis of virtual memory access patterns,” in 2017 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 2017, pp. 169–174.
C. Vaas and J. Happa, “Detecting disguised processes using application behavior profiling,” in Technologies for Homeland Security (HST), 2017 IEEE International Symposium on. IEEE, 2017, pp. 1–6.
A. Bohara, U. Thakore, and W. H. Sanders, “Intrusion detection in enterprise systems by combining and clustering diverse monitor data,” in Proceedings of the Symposium and Bootcamp on the Science of Security. ACM, 2016, pp. 7–16.
A. Shalaginov, K. Franke, and X. Huang, “Malware beaconing detection by mining large-scale DNS logs for targeted attack identification,” in 18th International Conference on Computational Intelligence in Security Information Systems. WASET, 2016.
A. M. Lajevardi and M. Amini, “Big knowledge-based semantic correlation for detecting slow and low-level advanced persistent threats,” Journal of Big Data, vol. 8, issue 148, 2021.
Longkang Shang, Dong Guo, Yuede Ji, Qiang Li, “Discovering unknown advanced persistent threat using shared features mined by neural networks,” Computer Networks, vol. 189, 2021.
Hernandez Guillen, J. D., Martin del Rey, A., Casado-Vara, R., “Propagation of the Malware Used in APTs Based on Dynamic Bayesian Networks,” Mathematics, vol. 9, 2021.
Chaoxian Wei, Qiang Li, Dong Guo, Xiangyi Meng, “Toward Identifying APT Malware through API System Calls,” Hindawi Security and Communication Networks, vol. 2021, pp. 1-14.
The GiuseppeLaurenza/I_F_Identifier dataset is taken from https://github.com/GiuseppeLaurenza/I_F_Identifier, accessed September 2022.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience remix, transform, or build upon the material provided they give appropriate credit, provide a link to the license, indicate if changes were made, and distribute their contributions under the same license as the original.