The Influences of Feature Sets on the Detection of Advanced Persistent Threats

Hofer-Schmitz, Katharina; Kleb, Ulrike; Stojanović, Branka

doi:10.3390/electronics10060704

Cited by 9 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…e well-known network security public datasets CIC-IDS2017, CIC-IDS2018, and CIC-DDoS2019 are collected based on this feature extraction tool [33]. Due to its extensive application and good evaluation performance, CIC-FlowMeter has become one of the most effective collection tools for DDoS feature generation.…”

Section: Feature Generationmentioning

confidence: 99%

The Evaluation of DDoS Attack Effect Based on Neural Network

Guo¹,

Qiu²,

Liu³

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

DDoS attack effect evaluation is the basis of security strategy deployment. The traditional effect evaluation method relies on the original data, ignoring the relationship between features and the evaluation target and indicator data redundancy, which affects the accuracy and reliability of the evaluation result. To this end, we introduce distance entropy to measure the similarity between features and evaluation target and use LSTM and Triplet networks to measure multiple correlations simultaneously. Then, a 2D-CNN is used to mine deep feature information and filter irrelevant information. We also combine 1D-CNN and attention models to achieve hierarchical sampling of different local features. Finally, three fully connected layers’ training obtains a total evaluation value. We conducted experiments on five commonly used DDoS datasets. The results showed that the average ranking accuracy of the neural network-based DDoS attack evaluation method (NNDE) reached 87.2%, 91.3%, 88%, 85.6%, and 94.5%, respectively. Compared with other evaluation methods, an average increase of 19.73% indicates that this method can better evaluate the effect of DDoS attacks.

show abstract

Section: Feature Generationmentioning

confidence: 99%

The Evaluation of DDoS Attack Effect Based on Neural Network

Guo¹,

Qiu²,

Liu³

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Similar to a previous paper, [15], this work relies on two different datasets, namely, Contagio [37] and CICIDS2017 [38]. Whereas the former contains data on APT, the latter encompasses benign and attack data that resemble real-world data.…”

Section: Datasetsmentioning

confidence: 99%

“…This paper builds upon previous works from [14,15], where a novel two-stage approach for anomaly detection, relying on autoencoders, was introduced. In this work, we additionally investigated several anomaly-detection methods with an emphasis on filtering methods and performance evaluation on two datasets.…”

Section: Introductionmentioning

confidence: 97%

APT-Attack Detection Based on Multi-Stage Autoencoders

et al. 2022

Self Cite

View full text Add to dashboard Cite

In the face of emerging technological achievements, cyber security remains a significant issue. Despite the new possibilities that arise with such development, these do not come without a drawback. Attackers make use of the new possibilities to take advantage of possible security defects in new systems. Advanced-persistent-threat (APT) attacks represent sophisticated attacks that are executed in multiple steps. In particular, network systems represent a common target for APT attacks where known or yet undiscovered vulnerabilities are exploited. For this reason, intrusion detection systems (IDS) are applied to identify malicious behavioural patterns in existing network datasets. In recent times, machine-learning (ML) algorithms are used to distinguish between benign and anomalous activity in such datasets. The application of such methods, especially autoencoders, has received attention for achieving good detection results for APT attacks. This paper builds on this fact and applies several autoencoder-based methods for the detection of such attack patterns in two datasets created by combining two publicly available benchmark datasets. In addition to that, statistical analysis is used to determine features to supplement the anomaly detection process. An anomaly detector is implemented and evaluated on a combination of both datasets, including two experiment instances–APT-attack detection in an independent test dataset and in a zero-day-attack test dataset. The conducted experiments provide promising results on the plausibility of features and the performance of applied algorithms. Finally, a discussion is provided with suggestions of improvements in the anomaly detector.

show abstract