Modeling and detection of the multi-stages of Advanced Persistent Threats attacks based on semi-supervised learning and complex networks characteristics

Zimba, Aaron; Chen, Hongsong; Wang, Zhaoshun; Chishimba, Mumbi

doi:10.1016/j.future.2020.01.032

Cited by 63 publications

(37 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The studies [3][4][5] analyzed a number of difficulties and challenges that made APT attack detections were not highly efficient including the lack of public data on the APT attacks, the data imbalance, using standard coding protocols, etc. Besides, APT attacks are designed specifically for each specific target and object, so if rely on the experience and data of single attacks, it will not be able to detect new attacks.…”

Section: Survey About Apt Attack Detection Modelsmentioning

confidence: 99%

“…This is shown in its persistence and ability to conceal and hide [1,2]. The studies [1][2][3][4] presented the definitions and concepts of terms: Advanced, Persistent, and Threat in this attack technique. Moreover, the studies [1,2] pointed 4 characteristics that highlight the difference between APT attack and other network attack techniques including Targeted, Persistent, Evasive, and Complex.…”

Section: Introduction To Apt Attackmentioning

confidence: 99%

See 1 more Smart Citation

Detecting APT Attacks Based on Network Traffic Using Machine Learning

Xuan

2021

JWE

View full text Add to dashboard Cite

Advanced Persistent Threat (APT) attacks are a form of malicious, intentionally and clearly targeted attack. By using many sophisticated and complicated methods and technologies to attack targets in order to obtain confidential and sensitive information. In fact, in order to detect APT attacks, detection systems often need to apply many parallel and series techniques in order to make the most of the advantages as well as minimize the disadvantages of each technique. Therefore, in this paper, we propose a method of detecting APT attacks based on abnormal behaviors of Network traffic using machine learning. Accordingly, in our research, the abnormal behavior of APT attacks in Network Traffic will be defined on both components: Domain and IP. Then, these behaviors are evaluated and classified based on the Random Forest classification algorithm to conclude about the behavior of APT attacks. Details of the definition of abnormal behaviors of the Domain and IP will be presented in section 3.2 of the paper. The synchronous APT attack detection method proposed in this paper is a novel approach, which will help information security systems detect quickly and accurately signs of the APT attack campaign in the organization. The experimental results presented in section 4 will demonstrate the effectiveness of our proposed method.

show abstract

Section: Survey About Apt Attack Detection Modelsmentioning

confidence: 99%

Section: Introduction To Apt Attackmentioning

confidence: 99%

Detecting APT Attacks Based on Network Traffic Using Machine Learning

Xuan

2021

JWE

View full text Add to dashboard Cite

show abstract

“…where α 2 tr W T HLH T W denotes the graph regularization term, W 2 1 is the l 1 norm regularization, and α is a trade-off parameter. The solution for W as follows:…”

Section: B Semi-supervised Extreme Learning Machine (Sselm)mentioning

confidence: 99%

“…Ξ ∈ R n×n is a matrix with all elements as 1. The last term β X − XS 2 F is the data self-representativeness constraint that is useful for the affinity matrix estimation. To solve Eq.…”

Section: Non-negative Sparse Graph Framework (Nnsg)mentioning

confidence: 99%

“…In 'Binarization' feature we set that when gray value of any pixel in the image equals or is greater than 100, the pixel with equal to 255. otherwise, the pixel equal 0. In 'hog' feature we set that parameter, orientations=20, pixelspercell= [9,9], cellsperblock= [3,3],and orientations=20, pixelspercell= [4,4], cellsperblock= [2,2],to generate two different 'hog' feature, 'hog1' and 'hog2'. In 'LBP' feature we set that parameter, P = 8,and R = 1,to generate 'LBP' feature, where P denote number of circularly symmetric neighbour setting points (quantization of the angular space), and R is radius of circle (spatial resolution of the operator).…”

Section: Image Datasetsmentioning

confidence: 99%

See 1 more Smart Citation

A Novel Adaptive Multi-View Non-Negative Graph Semi-Supervised ELM

et al. 2020

View full text Add to dashboard Cite

This paper represents a semi-supervised learning framework, which integrates multi-view learning, extreme learning machine (ELM) and graph-based semi-supervised learning. The aim is to expand the scope of adaptation of non-negative sparse graph (NNSG) framework, under a multi-view condition and a non-linear relationship. The proposed multi-view learning method will be adaptive since when data is single-view the framework will degenerate into an embedded framework for NNSG framework. The proposed ELM method also will be adaptive since the number of hidden layer neuron will change with different number of input and output layer neuron. The combination of both proposed methods outperforms traditional graph-based semisupervised learning, such as flexible manifold embedding (FME) and NNSG framework, which can not establish an affinity matrix for multi-view and can not establish a non-liner model for unknown data. Unlike traditional graph-based semi-supervised learning methods, which only can label propagation and build linear regression models for single or multi-view data, our proposed method has an obvious advantage that is applicable to any single or multi-view data, and builds linear or non-linear models. We provides extensive experiments on four public database in order to evaluate the performance of the proposed method. These experiments demonstrate significant improvement over the state-of-the-art algorithms in label propagation and processing of new data. INDEX TERMS Graph-based semi-supervised learning, Multi-view learning, Semi-supervised ELM, Graph learning.

show abstract

Fuzzy inference based feature selection and optimized deep learning for Advanced Persistent Threat attack detection

Kumar,

Noliya,

Makani

2023

Adaptive Control & Signal

View full text Add to dashboard Cite

SummaryOne of the attacks that have rapidly happen is Advanced Persistent Threat (APT). APT attacks contain different sophisticated approaches and methods of attacking targets for stealing confidential as well as sensitive information. This research introduced novel and effective APT attack detection techniques, namely Smart Flower Cosine Algorithm‐driven Deep Convolutional Neural Network (SFCA‐DeepCNN). Here, the APT attack detection is done by the DeepCNN, wherein the weight of DeepCNN is updated by the proposed SFCA. The SFCA is modeled by unifying the Smart Flower Optimization Algorithm (SFOA) and Sine Cosine Algorithm (SCA). Additionally, the pre‐processing process is done by Quantile normalization, and the features are chosen based on the fuzzy‐based distance measures. Moreover, data augmentation is done to increase the size of data by performing the oversampling that avoids the overfitting problems. Furthermore, the proposed optimized deep learning scheme detects the accurate APT detection outcome. The performance improvement of the proposed method for testing accuracy is 9.417%, 10.47%, 4.232%, and 3.068% higher than the existing methods, such as, Deep Learning, Support Vector Machine (SVM), Bidirectional Long Short‐Term Memory (Bi‐LSTM), and Hidden Markov Model (HMM).

show abstract

Modeling and detection of the multi-stages of Advanced Persistent Threats attacks based on semi-supervised learning and complex networks characteristics

Cited by 63 publications

References 33 publications

Detecting APT Attacks Based on Network Traffic Using Machine Learning

Detecting APT Attacks Based on Network Traffic Using Machine Learning

A Novel Adaptive Multi-View Non-Negative Graph Semi-Supervised ELM

Fuzzy inference based feature selection and optimized deep learning for Advanced Persistent Threat attack detection

Contact Info

Product

Resources

About