Machine learning for APT detection

Nowadays, countries face a multitude of electronic threats that have permeated almost all business sectors, be it private corporations or public institutions. Among these threats, advanced persistent threats (APTs) stand out as a well-known example. APTs are highly sophisticated and stealthy compute...

Full description

Saved in:
Bibliographic Details
Main Authors: Al-Aamri, Abdullah Said Ali, Abdulghafor, Rawad Abdulkhaleq Abdulmolla, Turaev, Sherzod, Al-Shaikhli, Imad Fakhri Taha, Zeki, Akram M., Talib, Shuhaili
Format: Article
Language:English
English
English
Published: MDPI 2023
Subjects:
Online Access:http://irep.iium.edu.my/108265/1/108265_Machine%20learning%20for%20APT%20detection.pdf
http://irep.iium.edu.my/108265/7/108265_Machine%20learning%20for%20APT%20detection_SCOPUS.pdf
http://irep.iium.edu.my/108265/13/108265_Machine%20Learning%20for%20APT%20Detection%20_%20WOS.pdf
http://irep.iium.edu.my/108265/
https://www.mdpi.com/2071-1050/15/18/13820
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Universiti Islam Antarabangsa Malaysia
Language: English
English
English
Description
Summary:Nowadays, countries face a multitude of electronic threats that have permeated almost all business sectors, be it private corporations or public institutions. Among these threats, advanced persistent threats (APTs) stand out as a well-known example. APTs are highly sophisticated and stealthy computer network attacks meticulously designed to gain unauthorized access and persist undetected threats within targeted networks for extended periods. They represent a formidable cybersecurity challenge for governments, corporations, and individuals alike. Recognizing the gravity of APTs as one of the most critical cybersecurity threats, this study aims to reach a deeper understanding of their nature and propose a multi-stage framework for automated APT detection leveraging time series data. Unlike previous models, the proposed approach has the capability to detect real-time attacks based on stored attack scenarios. This study conducts an extensive review of existing research, identifying its strengths, weaknesses, and opportunities for improvement. Furthermore, standardized techniques have been enhanced to enhance their effectiveness in detecting APT attacks. The learning process relies on datasets sourced from various channels, including journal logs, traceability audits, and systems monitoring statistics. Subsequently, an efficient APT detection and prevention system, known as the composition-based decision tree (CDT), has been developed to operate in complex environments. The obtained results demonstrate that the proposed approach consistently outperforms existing algorithms in terms of detection accuracy and effectiveness.