Leveraging Multicollinearity and Regression to Predict Advanced Persistent Threat (APT) Attacks
Keywords:
APT, Hashing, MD5, SHA1, SHA256, Regression, Multicollinearity, Antivirus, Network Security, Hackers, Machine Learning, Threat Hunting, NIDS, EDR, Python, PyTorch, R.
Abstract
Hackers break into businesses using an Advanced Persistent Threat (APT) strategy to wreak havoc, demand ransom, and damage the company website. An APT attacker breaches an enterprise's firewall using several techniques, and as technology develops, attackers employ ever more cunning strategies to compromise an organization's security. The goal of an APT is typically driven by individuals, businesses, or government-backed organizations with a vested interest in achieving it. The literature review indicates that the US, India, Russia, and the UK are the main targets of APT attacks. Beyond methods and technology for securing an organizational network, it is time to concentrate on predictive analysis that foresees APT threats as a preventive strategy. Using statistical methods such as regression and multicollinearity analysis on the available threat data, this paper presents predictive modeling for APT attacks. Secure data transfer is accomplished using hash-based cryptographic methods such as MD5, SHA1, and SHA256. According to one study, these protocols are more harmful than previously thought, because an attacker can impersonate a client while the server hashes the handshake transcript. Building on previous research on APT assaults, the present paper predicts APT attacks. In a study of 4,296 hash keys, the distribution is 52% MD5, 11% SHA1, 28% SHA256, and 8% Unknown (hashes taken from .exe downloads). The analysis seeks to stop an APT from quickly expanding from infiltrating a single computer to controlling several computers or the entire organization. The designed model was trained on 60 types of APTs with varying signatures of the MD5, SHA1, SHA256, and Unknown variants; the total number of threats analyzed is 4,296. The proposed analysis, at 98.14 percent accuracy for early detection of APTs from an unknown domain, significantly outperforms the published accuracy of 91.80 percent [4].
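The abstract names multicollinearity analysis as a step before regression on hash-signature data without showing how the check is done. The following is an added example, not code or data from the paper: it computes variance inflation factors (VIFs) for one-hot indicators of the four hash types and shows the dummy-variable trap that arises when all four indicators are used together with an intercept (each indicator is exactly one minus the other three, so every VIF is infinite), and how dropping one category as the reference level resolves it. The 100-row dataset is constructed to roughly match the abstract's proportions; the paper's actual feature encoding is not known and is assumed here.

```python
"""Variance inflation factor (VIF) check before fitting a regression on
hash-type indicator features.  Added example; the dataset is constructed
and only approximates the proportions reported in the abstract."""
import math
from typing import Dict, List, Sequence

HASH_TYPES = ["MD5", "SHA1", "SHA256", "Unknown"]


def constructed_dataset() -> List[str]:
    """Constructed sample of 100 signature types: 52% MD5, 11% SHA1,
    28% SHA256, remainder Unknown (the abstract's 8% rounded up to sum to 100)."""
    return ["MD5"] * 52 + ["SHA1"] * 11 + ["SHA256"] * 28 + ["Unknown"] * 9


def one_hot(types: Sequence[str], categories: Sequence[str]) -> Dict[str, List[float]]:
    """One 0/1 indicator column per category."""
    return {c: [1.0 if t == c else 0.0 for t in types] for c in categories}


def _solve(a: List[List[float]], b: List[float]) -> List[float]:
    """Gaussian elimination with partial pivoting; raises ValueError when singular."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    scale = max(abs(v) for row in a for v in row) or 1.0
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        if abs(m[piv][col]) < 1e-9 * scale:
            raise ValueError("singular design matrix")
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        s = sum(m[i][j] * x[j] for j in range(i + 1, n))
        x[i] = (m[i][n] - s) / m[i][i]
    return x


def _r_squared(y: List[float], predictors: List[List[float]]) -> float:
    """R^2 of an OLS fit of y on the predictors plus an intercept (normal equations)."""
    n = len(y)
    X = [[1.0] + [p[i] for p in predictors] for i in range(n)]
    k = len(X[0])
    xtx = [[sum(X[i][a] * X[i][b] for i in range(n)) for b in range(k)] for a in range(k)]
    xty = [sum(X[i][a] * y[i] for i in range(n)) for a in range(k)]
    beta = _solve(xtx, xty)  # raises if the predictors themselves are collinear
    fitted = [sum(b * x for b, x in zip(beta, row)) for row in X]
    mean = sum(y) / n
    sst = sum((v - mean) ** 2 for v in y)
    sse = sum((v - f) ** 2 for v, f in zip(y, fitted))
    return 1.0 - sse / sst if sst else 1.0


def vif(columns: Dict[str, List[float]]) -> Dict[str, float]:
    """VIF_j = 1 / (1 - R_j^2), with R_j^2 from regressing column j on the others.
    Returns math.inf for a column the other columns predict exactly."""
    out: Dict[str, float] = {}
    for name, y in columns.items():
        others = [v for k, v in columns.items() if k != name]
        try:
            r2 = _r_squared(y, others)
        except ValueError:
            out[name] = math.inf
            continue
        out[name] = math.inf if r2 >= 1.0 - 1e-12 else 1.0 / (1.0 - r2)
    return out


def dummy_trap_vifs() -> Dict[str, float]:
    """All four indicators plus the intercept: each indicator equals one minus
    the other three, so every VIF is infinite (perfect multicollinearity)."""
    return vif(one_hot(constructed_dataset(), HASH_TYPES))


def fixed_vifs(reference: str = "Unknown") -> Dict[str, float]:
    """Drop one category as the reference level; the remaining VIFs are finite."""
    kept = [c for c in HASH_TYPES if c != reference]
    return vif(one_hot(constructed_dataset(), kept))


if __name__ == "__main__":
    for label, table in (("all four indicators", dummy_trap_vifs()),
                         ("Unknown dropped", fixed_vifs())):
        print(label)
        for name, v in table.items():
            print(f"  {name:8s} VIF = {v:.3f}")
```

With the reference level dropped, the VIFs depend only on the category proportions: for a dummy with share p and reference share r they equal (p + r)(1 - p) / r, which for the constructed mix gives about 3.25 for MD5, 1.98 for SHA1 and 2.96 for SHA256, all below the usual rule-of-thumb threshold of 5 or 10. The same check applies to any further engineered features (file size, download domain reputation and so on) before they enter a regression model.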
References
Code E. Advanced Persistent Threat. Understanding the Danger and How to Protect Your Organization. 1st Edition, Amsterdam: Elsevier 2012.
Hyunjoo Kim, Jonghyun Kim, Ikkyun Kim, Tai-myung Chung. Behavior-based anomaly detection on big data. Australian Information Security Management Conference 2015; 13: 73-80.
Luh R, Schrittwieser S, Marschalek S, Janicke H. Design of an Anomaly-based Threat Detection & Explication System. International Conference on Information Systems Security and Privacy 2017; l3: 397-402.
Ghafir I, et al. Hidden Markov Models and Alert Correlations for the Prediction of Advanced Persistent Threats. in IEEE Access 2019; 7: 99508-99520. doi: 10.1109/ACCESS.2019.2930200.
Merete Ask, Petro Bondarenko, John Erik Rekdal, André Nordbø, Pieter Bloemerus, and Dmytro Piatkivskyi. Advanced persistent threat (APT) beyond the hype. Project Report in IMT4582 Network Security at Gjøvik University College, Springer 2013: 168.
Parth Bhatt, Edgar Toshiro Yano, and Per Gustavsson. Towards a framework to detect multi-stage advanced persistent threats attacks. In 2014 IEEE 8th International Symposium on Service Oriented System Engineering. IEEE 2014.
Ross Brewer. Advanced persistent threats: minimizing the damage. Network Security 2014; 4(4): 5–9.
Guillaume Brogi and Valerie Viet Triem Tong. TerminAPTor: Highlighting advanced persistent threats through information flow tracking. In 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS). IEEE 2016.
Weigold. Blockchain, cryptography, and consensus 2016.
Vijaya Chandra J, Narasimham Challa, and Mohammed Ali Hussain. Data and information storage security from advanced persistent attack in cloud computing. International Journal of Applied Engineering Research 2014; 9(20): 7755–7768.
Ibrahim Ghafir, Vaclav Prenosil, Mohammad Hammoudeh, Francisco Aparicio-Navarro J, Khaled Rabie, and Ahmad Jabban. Disguised executable files in spear-phishing emails. In Proceedings of the 2nd International Conference on Future Networks and Distributed Systems -ICFNDS. ACM Press 2018.
Diego Mendez Mena, Ioannis Papapanagiotou, and Baijian Yang. Internet of things: Survey on security. Information Security Journal: A Global Perspective 2018; 27(3): 162–182.
Nurul Nuha Abdul Molok, Atif Ahmad, and Shanton Chang. A case analysis of securing organisations against information leakage through online social networking. International Journal of Information Management 2018; 43: 351–356.
Terry Nelms, Roberto Perdisci, Manos Antonakakis, and Mustaque Ahamad. Towards measuring and mitigating social engineering software download attacks. In USENIX Security Symposium 2016: 773–789.
Saurabh Singh, Young-Sik Jeong, and Jong Hyuk Park. A survey on cloud computing security: Issues, threats, and solutions. Journal of Network and Computer Applications 2016; 75: 200–222.
Xu Wang, Kangfeng Zheng, Xinxin Niu, Bin Wu, and Chunhua Wu. Detection of command and control in advanced persistent threat based on independent access. In 2016 IEEE International Conference on Communications (ICC). IEEE 2016.
Zikria YB, Kim SW, Hahm O, Afzal MK, Aalsalem MY. Internet of Things (IoT) Operating Systems Management: Opportunities, Challenges, and Solution. Sensors 2019; 19: 1793.
Hasan M, Islam MM, Zarif MII, Hashem MMA. Attack and Anomaly Detection in IoT Sensors in IoT Sites Using Machine Learning Approaches. Internet Things 2019; 7: 100059.
Lucian C. Ongoing MD5 support endangers cryptographic protocols. https://www.computerworld.com/article/3020066/ongoing-md5-support-endangers-cryptographic-protocols.html
Khraisat A, Gondal I, Vamplew P, Kamruzzaman J. Survey of Intrusion Detection Systems: Techniques, Datasets and Challenges. Cybersecur. 2019; 2: 20.
Alloghani M, Al-Jumeily D, Hussain A, Mustafina J, Baker T, Aljaaf AJ. Implementation of Machine Learning and Data Mining to Improve Cybersecurity and Limit Vulnerabilities to Cyber Attacks. In Nature-Inspired Computation in Data Mining and Machine Learning 2020; 3: 47–76.
Web source: https://www.cyberscoop.com/chinese-iranian-hackers-front-companies/
Web source: https://www.cyberscoop.com/china-israel-iran-fireeye-hacking/
Plat D. IC2: Inequality and Concentration Indices and Curves. R package version 1.0-1. https://CRAN.R-project.org/package=IC2 2012.
https://github.com/CyberScienceLab/Our-Datasets
Veena RC, Brahmananda SH. A Significant Detection of APT using MD5 Hash Signature and Machine Learning Approach. Web source: https://www.mandiant.com/resources/m-trends-2021 2021.
Wu X, Hui H, Niu M, Li L, Wang L, He B, and Yang X. Deep learning-based multi-view fusion model for screening 2019 novel coronavirus pneumonia: A multicentre study. Eur. J. Radiol. 2020; 128: 109041.
Javaheri T, et al. Covid CTNet: An open-source deep learning approach to identify COVID-19 using CT image. arXiv:2005.03059. [Online], Available: http://arxiv.org/abs/2005.03059 2020.
Liu Y, Chen Y, Yu H, Fang X, Gong C. Real Time Expert System for Anomaly Detection of Aerators Based on Computer Vision Technology and Existing Surveillance Cameras. arXiv 2018, arXiv:1810.04108 2018.
Glossary: Common DDoS Attack Types, Corero. Available online: https://www.corero.com/blog/glossary/ 2019.
Rajendran B. DNS amplification & DNS tunneling attacks simulation, detection and mitigation approaches. 2020 International Conference on Inventive Computation Technologies (ICICT) 2020: 230-6.
Zhang K, Ji W, Li N, Wang Y, Liao S. Detection of malicious domain name based on DNS data analysis. J Phys Conf Ser. 2020; 1544: 012169.
Palau F, Catania C, Guerra J, Garcia S, Rigaki M. DNS tunneling: a deep learning based lexicographical detection approach. Cryptography and Security 2020.
Vissers T, Barron T, van Goethem T, Joosen W, Nikiforakis N. The wolf of name street: hijacking domains through their nameservers. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security 2017: 957-70.
Alharbi F, Chang J, Zhou YC, Qian F, Qian ZY, et al. Collaborative client-side DNS cache poisoning attack. IEEE INFOCOM 2019-IEEE Conference on Computer Communications 2019.
Diego Mendez Mena, Ioannis Papapanagiotou, and Baijian Yang. Internet of things: Survey on security. Information Security Journal: A Global Perspective 2018; 27(3): 162–182.
Nurul Nuha Abdul Molok, Atif Ahmad, and Shanton Chang. A case analysis of securing organisations against information leakage through online social networking. International Journal of Information Management 2018; 43: 351–356.
Daesung Moon, Hyungjin Im, Jae Lee, and Jong Park. MLDS: Multi-layer defense system for preventing advanced persistent threats. Symmetry 2014; 6(4): 997–1010.
Kara Nance and Matt Bishop. Introduction to deception, digital forensics, and malware minitrack. In Proceedings of the 50th Hawaii International Conference on System Sciences 2017.
Terry Nelms, Roberto Perdisci, Manos Antonakakis, and Mustaque Ahamad. Towards measuring and mitigating social engineering software download attacks. In USENIX Security Symposium 2016: 773–789.
Protecting Your Critical Assets: Lessons Learned from "Operation Aurora". McAfee Labs and McAfee Foundstone Professional Services, 2010. International Journal of Computer Applications 2016; 141(13): 0975-8887.
Adelaiye OI, Showole A, & Faki SA. Evaluating Advanced Persistent Threats Mitigation Effects: A Review. International Journal of Information Security Science 2018; 7(4): 159-171.
Chen W, Helu X, Jin C, Zhang M, Lu H, Sun Y, & Tian Z. Advanced persistent threat organization identification based on software gene of malware. Transactions on Emerging Telecommunications Technologies 2020; 31(12): e3884.
Joloudari JH, Haderbadi M, Mashmool A, GhasemiGol M, Band SS, & Mosavi A. Early detection of the advanced persistent threat attack using performance analysis of deep learning. IEEE Access 2020; 8: 186125-186137. https://ieeexplore.ieee.org/abstract/document/9214817.
Steffens T. Attribution of Advanced Persistent Threats. Springer Berlin Heidelberg. https://link.springer.com/book/10.1007%2F978-3-662-61313-9 2020.
Yan D, Liu F, & Jia K. Modeling an information-based advanced persistent threat attack on the internal network. In ICC 2019-2019 IEEE International Conference on Communications (ICC) 2019: 1-7.
Zou Q. An Approach for Detection of Advanced Persistent Threat Attacks. Computer. IEEE Computer Society. https://www.researchgate.net/publication/347261373_An_Approach_for_Detection_of_Advanced_Persistent_Threat_Attacks 2020.
Surange G, Khatri P. Integrated intelligent IoT forensic framework for data acquisition through open-source tools. Int. j. inf. tecnol. 2022. https://doi.org/10.1007/s41870-022-01025-5
Kataria S, Batra U. Co-clustering neighborhood—based collaborative filtering framework using formal concept analysis. Int. j. inf. tecnol. 2022; 14: 1725–1731. https://doi.org/10.1007/s41870-022-00913-0
Lekhraj, Kumar A, & Kumar A. An approach based on modified multiple attribute decision making for optimal node deployment in wireless sensor networks. Int. j. inf. tecnol. 2022; 14: 1805–1814. https://doi.org/10.1007/s41870-022-00919-8
Sharma A, Mishra PK. Performance analysis of machine learning based optimized feature selection approaches for breast cancer diagnosis. Int. j. inf. tecnol. 2022; 14: 1949–1960. https://doi.org/10.1007/s41870-021-00671-5
Song, Ch. A hybrid SEM and ANN approach to predict the individual cloud computing adoption based on the UTAUT2. Int. j. inf. tecnol. 2022. https://doi.org/10.1007/s41870-022-00936-7
Itoo F, Meenakshi & Singh S. Comparison and analysis of logistic regression, Naïve Bayes and KNN machine learning algorithms for credit card fraud detection. Int. j. inf. tecnol. 2021; 13: 1503–1511. https://doi.org/10.1007/s41870-020-00430-y
Dymora P, Mazurek M. Anomaly Detection in IoT Communication Network Based on Spectral Analysis and Hurst Exponent. Appl. Sci. 2019; 9: 5319.
License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.