Discovering unknown advanced persistent threat using shared features mined by neural networks

Shang, Longkang; Guo, Dong; Ji, Yuede; Li, Qiang

doi:10.1016/j.comnet.2021.107937

Cited by 21 publications

(11 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…-Shang et al 26 Neural networks for identifying the unknown APT attack based on the shared features.…”

Section: Authors Methods Advantages Disadvantagesmentioning

confidence: 99%

See 1 more Smart Citation

Fuzzy inference based feature selection and optimized deep learning for Advanced Persistent Threat attack detection

Kumar,

Noliya,

Makani

2023

Adaptive Control & Signal

View full text Add to dashboard Cite

SummaryOne of the attacks that have rapidly happen is Advanced Persistent Threat (APT). APT attacks contain different sophisticated approaches and methods of attacking targets for stealing confidential as well as sensitive information. This research introduced novel and effective APT attack detection techniques, namely Smart Flower Cosine Algorithm‐driven Deep Convolutional Neural Network (SFCA‐DeepCNN). Here, the APT attack detection is done by the DeepCNN, wherein the weight of DeepCNN is updated by the proposed SFCA. The SFCA is modeled by unifying the Smart Flower Optimization Algorithm (SFOA) and Sine Cosine Algorithm (SCA). Additionally, the pre‐processing process is done by Quantile normalization, and the features are chosen based on the fuzzy‐based distance measures. Moreover, data augmentation is done to increase the size of data by performing the oversampling that avoids the overfitting problems. Furthermore, the proposed optimized deep learning scheme detects the accurate APT detection outcome. The performance improvement of the proposed method for testing accuracy is 9.417%, 10.47%, 4.232%, and 3.068% higher than the existing methods, such as, Deep Learning, Support Vector Machine (SVM), Bidirectional Long Short‐Term Memory (Bi‐LSTM), and Hidden Markov Model (HMM).

show abstract

“…-Shang et al 26 Neural networks for identifying the unknown APT attack based on the shared features.…”

Section: Authors Methods Advantages Disadvantagesmentioning

confidence: 99%

“…The processing time assumed by the proposed model was high. Shang et al 26 introduced neural networks for identifying the unknown APT attack based on the shared features. Moreover, the proposed method resolved the issues caused by the unidentified malicious network flow.…”

Section: Motivationmentioning

confidence: 99%

Fuzzy inference based feature selection and optimized deep learning for Advanced Persistent Threat attack detection

Kumar,

Noliya,

Makani

2023

Adaptive Control & Signal

View full text Add to dashboard Cite

show abstract

“…After successfully compromising the target network, the APT attacker continuously invades the internal core network devices based on the control of the internal network devices already gained, which usually requires establishing a command and control communication channel between the C&C server and the target infected host [ 16 , 17 , 18 , 19 ]. In this process, the data transmitted between the malware and the C&C server are usually encrypted with SSL, so it is difficult for the target network’s defense system to determine whether the data transmitted in the communication channel are malicious communication with the C&C server or normal communication with a normal external server.…”

Section: Related Workmentioning

confidence: 99%

APT Attack Detection Scheme Based on CK Sketch and DNS Traffic

Xue

Chi

et al. 2023

Sensors

View full text Add to dashboard Cite

In recent years, Advanced Persistent Threat (APT) attacks against sensors have emerged as a prominent security concern. Due to the low level of protection provided by sensors, APT attack organizations are able to develop intrusion schemes that allow them to infiltrate, attack, lurk, spread, and steal information from the target over an extended period of time. Through extensive research on the APT attack process and current defense mechanisms, it has been found that analyzing Domain Name Server (DNS) traffic in the communication control phase is an effective way of detecting APT attacks. However, analyzing APT attacks based on traffic usually involves the detection of a vast amount of DNS traffic, and current data preprocessing methods do not scale down data effectively, leading to low detection efficiency. In previous work, most efforts have been focused on calculating the features of request messages or corresponding messages without considering the association between request messages and corresponding messages. To address these issues, we propose a sketch-based APT attack traffic detection scheme. The scheme leverages the sketch structure to count and compress network traffic, improving the efficiency of APT detection. Our work also analyzes the limitations of traditional sketches in network traffic and proposes an improved sketch scheme. In addition, we propose several effective features for detecting APT attacks. We validate and evaluate our solution using 1,088,280 DNS traffic from a lab network and APT suspicious traffic from netresec and contagio, using eight machine learning models. The experimental results show that for the ExtraTrees model, our solution has a processing time of 0.0638 s and an accuracy of 0.97920, reducing the processing time by approximately 50 times and improving detection accuracy by a small margin compared to a dataset without sketch processing.

show abstract

“…Real-time applications based on IoT-Cloud servers are most prone to security attacks as per the above literature and discussion. Delay is also a major factor for encryption and decryption, where attackers can obtain easy entry to the servers' channels; delay can give rise to many attacks [15]. Data sensitivity matters a lot, e.g., financial statements can be grouped into bags of words and data can be categorized into three groups.…”

Section: Problem Definition and Motivationmentioning

confidence: 99%

“…Advanced Persistent Threats (APTs): These types of threats are made by an unauthorized person who tries to obtain access of the system to gain the data rather than destroy it [15].…”

mentioning

confidence: 99%

Hybrid Technique for Cyber-Physical Security in Cloud-Based Smart Industries

Garg

Rani

Herencsár

et al. 2022

Sensors

View full text Add to dashboard Cite

New technologies and trends in industries have opened up ways for distributed establishment of Cyber-Physical Systems (CPSs) for smart industries. CPSs are largely based upon Internet of Things (IoT) because of data storage on cloud servers which poses many constraints due to the heterogeneous nature of devices involved in communication. Among other challenges, security is the most daunting challenge that contributes, at least in part, to the impeded momentum of the CPS realization. Designers assume that CPSs are themselves protected as they cannot be accessed from external networks. However, these days, CPSs have combined parts of the cyber world and also the physical layer. Therefore, cyber security problems are large for commercial CPSs because the systems move with one another and conjointly with physical surroundings, i.e., Complex Industrial Applications (CIA). Therefore, in this paper, a novel data security algorithm Dynamic Hybrid Secured Encryption Technique (DHSE) is proposed based on the hybrid encryption scheme of Advanced Encryption Standard (AES), Identity-Based Encryption (IBE) and Attribute-Based Encryption (ABE). The proposed algorithm divides the data into three categories, i.e., less sensitive, mid-sensitive and high sensitive. The data is distributed by forming the named-data packets (NDPs) via labelling the names. One can choose the number of rounds depending on the actual size of a key; it is necessary to perform a minimum of 10 rounds for 128-bit keys in DHSE. The average encryption time taken by AES (Advanced Encryption Standard), IBE (Identity-based encryption) and ABE (Attribute-Based Encryption) is 3.25 ms, 2.18 ms and 2.39 ms, respectively. Whereas the average time taken by the DHSE encryption algorithm is 2.07 ms which is very much less when compared to other algorithms. Similarly, the average decryption times taken by AES, IBE and ABE are 1.77 ms, 1.09 ms and 1.20 ms and the average times taken by the DHSE decryption algorithms are 1.07 ms, which is very much less when compared to other algorithms. The analysis shows that the framework is well designed and provides confidentiality of data with minimum encryption and decryption time. Therefore, the proposed approach is well suited for CPS-IoT.

show abstract

Discovering unknown advanced persistent threat using shared features mined by neural networks

Cited by 21 publications

References 21 publications

Fuzzy inference based feature selection and optimized deep learning for Advanced Persistent Threat attack detection

Fuzzy inference based feature selection and optimized deep learning for Advanced Persistent Threat attack detection

APT Attack Detection Scheme Based on CK Sketch and DNS Traffic

Hybrid Technique for Cyber-Physical Security in Cloud-Based Smart Industries

Contact Info

Product

Resources

About