Cyber threats have been an issue of great concern since the advent of the information (computer and internet) age. But of greater concern is the most recent class of threats, known as Advanced Persistent Threats (APTs). It has drawn increasing attention all over the world, from researchers, and the industrial security sector. APTs are sophisticated cyber-attacks executed by sophisticated and well-resourced adversaries targeting specific information in companies and government. APT is a long-term campaign involving different steps. This form of attack if successful has significant implications to countries and large organizations, which may be from financial to reputational damage. This work presents a comprehensive study on APT, characterizing its uniqueness and attack model, and analyzing techniques commonly seen in APT attacks. On evaluating mitigation effects proposed and developed by researches, the use of a multiple mitigation methods shows good signs in detecting and preventing APT. Anomaly detection and dynamic analysis show high accuracy levels in detecting APT. This work also highlights and recommends security tips as well as methods of implementing countermeasures that can help to mitigate APTs, thereby giving directions for future research.
Rated a high-risk cyber-attack type, Advanced Persistent Threat (APT) has become a cause for concern to cyber security experts. Detecting the presence of APT in order to mitigate this attack has been a major challenge as successful attacks to large organizations still abound. Our approach combines static rule anomaly detection through pattern recognition and machine learning-based classification technique in mitigating the APT. (1) The rules-based on patterns are derived using statistical analysis majorly Kruskal Wallis test for association. A Packet Capture (PCAP) dataset with 1,047,908 packet header data is analyzed in an attempt, to identify malicious versus normal data traffic patterns. 90% of the attack traffic utilizes unassigned and dynamic/private ports and, also data sizes of between 0 and 58 bytes.(2) The machine learning approach narrows down the algorithm utilized by evaluating the accuracy levels of four algorithms: K-Nearest Neighbor (KNN), Support Vector Machine (SVM), Decision Tree and Random Forest with the accuracies 99.74, 87.11, 99.84 and 99.90 percent respectively. A load balance approach and modified entropy formula was applied to Random Forest. The model combines the two techniques giving it a minimum accuracy of 99.95% with added capabilities of detecting false positives. The results for both methods are matched in order to make a final decision. This approach can be easily adopted, as the data required is packet header data, visible in every network and provides results with commendable levels of accuracy, and the challenges of false positives greatly reduced.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.