Hope Nkiruka Eke scite author profile

2019

Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. Due to their capability to navigates around defenses and to evade detection for a prolonged period of time, targeted APT attacks present an increasing concern for both cyber security and business continuity personnel. This paper explores the application of Artificial Immune System (AIS) and Recurrent Neural Networks (RNNs) variants for APT detection. It has been shown that the variants of the suggested algorithms provide not only detection capability, but can also classify malicious data traffic with respect to the type of APT attacks. CCS CONCEPTS • Computing methodologies → Artificial intelligence; Machine learning; Neural networks.

show abstract

Handling Minority Class Problem in Threats Detection Based on Heterogeneous Ensemble Learning Approach

2020

Multiclass problems, such as detecting multi-steps behaviour of advanced persistent threats (APTs), have been a major global challenge due to their capability to navigates around defenses and to evade detection for a prolonged period. Targeted APT attacks present an increasing concern for both cyber security and business continuity. Detecting the rare attack is a classification problem with data imbalance. This paper explores the applications of data resampling techniques together with heterogeneous ensemble approach for dealing with data imbalance caused by unevenly distributed data elements among classes with the focus on capturing the rare attack. It has been shown that the suggested algorithms provide not only detection capability but can also classify malicious data traffic corresponding to rare APT attacks.

show abstract

Framework for Detecting APTs Based on Steps Analysis and Correlation

et al. 2022

Detection of False Command and Response Injection Attacks for Cyber Physical Systems Security and Resilience

2020

The operational cyber-physical system (CPS) state, safety and resource availability is impacted by the safety and security measures in place. This paper focused on i) command injection (CI) attack that alters the system behaviour through injection of false control and configuration commands into a control system and ii) response injection (RI) attacks that modifies the response from server to client, thereby providing false information about system state. In this project, we implemented deep learning (DL) multi-layered security model approach for securing industrial control system (ICS) against malicious CI and RI attacks. We validated this approach with two case studies: i) network transactions between a Remote Terminal Unit (RTU) and a Master Control Unit (MTU) in-house SCADA gas pipeline control system and ii) a case study of command and response injection attacks. Based on this project result, we show that the proposed approach achieved a significant attacks detection capability of 96.50%. Also, demonstrated that performance of attack detection techniques applied can be influences by the nature of network transactions with respect to the domain of application. Hence, robustness and resilience of operational CPS state and performance are influenced by the safety and security measures in place which is specific to the CPS device in question. CCS CONCEPTS • Security and privacy → Distributed systems security.

show abstract

Advanced Persistent Threats Detection based on Deep Learning Approach

Petrovski²

2023