DMAPT: Study of Data Mining and Machine Learning Techniques in Advanced Persistent Threat Attribution and Detection

Charan, P.V. Sai; Anand, P. Mohan; Shukla, Sandeep K.

doi:10.5772/intechopen.99291

Cited by 2 publications

(2 citation statements)

References 18 publications

(22 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In recent times, however, ML has increasingly found its way into the realm of cybersecurity applications [9][10][11][12] and, subsequently, the detection of APT attacks [1,13]. Common ML methods in the latter domain include signature-based detection, behaviour-based detection, monitoring [17] and data mining [18]. Regarding APT attacks, however, not many works deal with this aspect of cybersecurity.…”

Section: Related Workmentioning

confidence: 99%

APT-Attack Detection Based on Multi-Stage Autoencoders

et al. 2022

View full text Add to dashboard Cite

In the face of emerging technological achievements, cyber security remains a significant issue. Despite the new possibilities that arise with such development, these do not come without a drawback. Attackers make use of the new possibilities to take advantage of possible security defects in new systems. Advanced-persistent-threat (APT) attacks represent sophisticated attacks that are executed in multiple steps. In particular, network systems represent a common target for APT attacks where known or yet undiscovered vulnerabilities are exploited. For this reason, intrusion detection systems (IDS) are applied to identify malicious behavioural patterns in existing network datasets. In recent times, machine-learning (ML) algorithms are used to distinguish between benign and anomalous activity in such datasets. The application of such methods, especially autoencoders, has received attention for achieving good detection results for APT attacks. This paper builds on this fact and applies several autoencoder-based methods for the detection of such attack patterns in two datasets created by combining two publicly available benchmark datasets. In addition to that, statistical analysis is used to determine features to supplement the anomaly detection process. An anomaly detector is implemented and evaluated on a combination of both datasets, including two experiment instances–APT-attack detection in an independent test dataset and in a zero-day-attack test dataset. The conducted experiments provide promising results on the plausibility of features and the performance of applied algorithms. Finally, a discussion is provided with suggestions of improvements in the anomaly detector.

show abstract

Section: Related Workmentioning

confidence: 99%

APT-Attack Detection Based on Multi-Stage Autoencoders

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Traditional security defense techniques are becoming increasingly difficult to meet the new security defense requirements because of the continuous development and evolution of attack techniques. Traditional security defenses can be bypassed by attackers using a variety of techniques, including new vulnerabilities, malware, and other means [7][8][9].…”

Section: Introductionmentioning

confidence: 99%

Knowledge Graph Based Large Scale Network Security Threat Detection Techniques

2024

Applied Mathematics and Nonlinear Sciences

View full text Add to dashboard Cite

This paper constructs a detection technique for large-scale network security threats based on a knowledge graph, extracts the attack features of network security threats using feature template FT, and combines the CNN layer, BiLSTM layer and CRF layer to establish FT-CNN-BiLSTM-CRF large-scale network security threat detection technique. Network security threat performance evaluation experiments and multi-step attack experiments have verified the detection capability of this paper's method. The recall rate of the method built in this paper in detecting malicious data is about 62.39%, the average F1-Score for normal and malicious traffic detection is 0.7482, and the anomaly score for normal traffic detection is almost 0. The detection performance of this paper's method for multi-step network attacks is superior to that of other methods, and it is capable of detecting malicious attacks quickly. Experiments have proved that the method constructed in this paper can meet the requirements of detection capability and efficiency in large-scale network security threats and has high feasibility and application value.

show abstract

DMAPT: Study of Data Mining and Machine Learning Techniques in Advanced Persistent Threat Attribution and Detection

Cited by 2 publications

References 18 publications

APT-Attack Detection Based on Multi-Stage Autoencoders

APT-Attack Detection Based on Multi-Stage Autoencoders

Knowledge Graph Based Large Scale Network Security Threat Detection Techniques

Contact Info

Product

Resources

About