Machine learning for APT detection
Nowadays, countries face a multitude of electronic threats that have permeated almost all business sectors, be it private corporations or public institutions. Among these threats, advanced persistent threats (APTs) stand out as a well-known example. APTs are highly sophisticated and stealthy compute...
Saved in:
Main Authors: | , , , , , |
---|---|
Format: | Article |
Language: | English English English |
Published: |
MDPI
2023
|
Subjects: | |
Online Access: | http://irep.iium.edu.my/108265/1/108265_Machine%20learning%20for%20APT%20detection.pdf http://irep.iium.edu.my/108265/7/108265_Machine%20learning%20for%20APT%20detection_SCOPUS.pdf http://irep.iium.edu.my/108265/13/108265_Machine%20Learning%20for%20APT%20Detection%20_%20WOS.pdf http://irep.iium.edu.my/108265/ https://www.mdpi.com/2071-1050/15/18/13820 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Universiti Islam Antarabangsa Malaysia |
Language: | English English English |
Summary: | Nowadays, countries face a multitude of electronic threats that have permeated almost all business sectors, be it private corporations or public institutions. Among these threats, advanced persistent threats (APTs) stand out as a well-known example. APTs are highly sophisticated and stealthy computer network attacks meticulously designed to gain unauthorized access and persist undetected threats within targeted networks for extended periods. They represent a formidable cybersecurity challenge for governments, corporations, and individuals alike. Recognizing the gravity of APTs as one of the most critical cybersecurity threats, this study aims to reach a deeper understanding of their nature and propose a multi-stage framework for automated APT detection leveraging time series data. Unlike previous models, the proposed approach has the capability to
detect real-time attacks based on stored attack scenarios. This study conducts an extensive review of existing research, identifying its strengths, weaknesses, and opportunities for improvement. Furthermore, standardized techniques have been enhanced to enhance their effectiveness in detecting APT attacks. The learning process relies on datasets sourced from various channels, including journal logs, traceability audits, and systems monitoring statistics. Subsequently, an efficient APT detection and prevention system, known as the composition-based decision tree (CDT), has been developed to operate in complex environments. The obtained results demonstrate that the proposed approach consistently outperforms existing algorithms in terms of detection accuracy and effectiveness. |
---|