The use of machine learning algorithms for detecting advanced persistent threats

Abstract: Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. Due to their capability to navigates around defenses and to evade detection for a prolonged period of time, targeted APT attacks present an increasing concern for both cyber security and business continuity personnel. This paper explores the application of Artificial Immune System (AIS) and Recurrent Neural Networks (RNNs) variants for APT detection. It has been s… Show more

“…for visual representation). However, any approaches which do not take into consideration the imbalance distribution of class elements, may lead to increase difficulty of the classification task as observed in the previous study (Eke et al, 2019).…”

“…Recurrent neural network (RNN) is an effective class of artificial neural network (ANN) that is used when dealing with complex supervised and unsupervised tasks ( KP, 2019) and (Muñoz et al, 2019). Recently, deep learning techniques have been applied in cyber security (Eke et al, 2019) and (McDermott et.al, 2019). RNN and its variants has the capability to detect the cyber attacks by learning the complex underlying structure and hierarchical feature representations from a huge set of networks traffic data.…”

“…RNN and its variants has the capability to detect the cyber attacks by learning the complex underlying structure and hierarchical feature representations from a huge set of networks traffic data. The authors (Eke et al, 2019), proposed a novel approach and implemented using deep neural networks for APT multi-step − detection which takes stacked LSTM-RNNs networks to automatically learn features from the raw data to capture the malicious patterns. Although this approach achieved a significant average accuracy of 99.99% for LSTM, GRU and RNN on differentiating attacks from normal instances but the model tends to be more suitable for classifying high-frequency (majority classes) attacks and also the low frequency attacks (minority classes) with lower confidence prediction of 62.50%, 56.20% and 37.50% for LSTM, GRU and RNN respectively on multi attack detection.…”

“…RNN emerged as a powerful approach for deep learning architecture generally applicable for time-series data modelling. Despite the RNN and its variant networks remarkable performance in long standing AI sequence data modelling tasks such as time-series analysis, speech recognition and machine translation (Eke et al, 2019) and (LeCun et.al, 2015), applying the same in cyber security task is in early stage of development (Vinayakumar et.al, 2017).…”

Handling Minority Class Problem in Threats Detection Based on Heterogeneous Ensemble Learning Approach

“…for visual representation). However, any approaches which do not take into consideration the imbalance distribution of class elements, may lead to increase difficulty of the classification task as observed in the previous study (Eke et al, 2019).…”

“…Recurrent neural network (RNN) is an effective class of artificial neural network (ANN) that is used when dealing with complex supervised and unsupervised tasks ( KP, 2019) and (Muñoz et al, 2019). Recently, deep learning techniques have been applied in cyber security (Eke et al, 2019) and (McDermott et.al, 2019). RNN and its variants has the capability to detect the cyber attacks by learning the complex underlying structure and hierarchical feature representations from a huge set of networks traffic data.…”

“…RNN and its variants has the capability to detect the cyber attacks by learning the complex underlying structure and hierarchical feature representations from a huge set of networks traffic data. The authors (Eke et al, 2019), proposed a novel approach and implemented using deep neural networks for APT multi-step − detection which takes stacked LSTM-RNNs networks to automatically learn features from the raw data to capture the malicious patterns. Although this approach achieved a significant average accuracy of 99.99% for LSTM, GRU and RNN on differentiating attacks from normal instances but the model tends to be more suitable for classifying high-frequency (majority classes) attacks and also the low frequency attacks (minority classes) with lower confidence prediction of 62.50%, 56.20% and 37.50% for LSTM, GRU and RNN respectively on multi attack detection.…”

“…RNN emerged as a powerful approach for deep learning architecture generally applicable for time-series data modelling. Despite the RNN and its variant networks remarkable performance in long standing AI sequence data modelling tasks such as time-series analysis, speech recognition and machine translation (Eke et al, 2019) and (LeCun et.al, 2015), applying the same in cyber security task is in early stage of development (Vinayakumar et.al, 2017).…”

Handling Minority Class Problem in Threats Detection Based on Heterogeneous Ensemble Learning Approach

“…The above characteristics and process of APT attack demonstrate that APT attack technique is very difficult to detect. The studies [1,4,5,6,7] presented and evaluated three current main approaches for detecting APT attacks: sign-based, based on behavior analysis, and based on graph analysis. Accordingly, nowadays APT attack detection technique based on behavior analysis is being widely applied because of its effectiveness in detecting APT attacks.…”

Detecting APT attacks based on Network Flow

A hybrid ensemble machine learning model for detecting APT attacks based on network behavior anomaly detection