论文信息 - Detection and Classification of Advanced Persistent Threats and Attacks Using the Support Vector Machine

Detection and Classification of Advanced Persistent Threats and Attacks Using the Support Vector Machine

Traditional network attack and hacking models are constantly evolving to keep pace with the rapid development of network technology. Advanced persistent threat (APT), usually organized by a hacker group, is a complex and targeted attack method. A long period of strategic planning and information search usually precedes an attack on a specific goal. Focus is on a targeted object and customized specific methods are used to launch the attack and obtain confidential information. This study offers an attack detection system that enables early discovery of the APT attack. The system uses the NSL-KDD database for attack detection and verification. The main method uses principal component analysis (PCA) for feature sampling and the enhancement of detection efficiency. The advantages and disadvantages of using the classifiers are then compared to detect the dataset, the classifier supports the vector machine, naive Bayes classification, the decision tree and neural networks. Results of the experiments show the support vector machine (SVM) to have the highest recognition rate, reaching 97.22% (for the trained subdata A). The purpose of this study was to establish an APT early warning model mechanism, that could be used to reduce the impact and influence of APT attacks.

[1] Nan Zhang,et al. Twin support vector machine: theory, algorithm and applications , 2017, Neural Computing and Applications.

[2] Age K. Smilde,et al. Principal Component Analysis , 2003, Encyclopedia of Machine Learning.

[3] Wiem Tounsi,et al. A survey on technical threat intelligence in the age of sophisticated cyber attacks , 2018, Comput. Secur..

[4] Qian Du,et al. Hyperspectral Image Compression Using JPEG2000 and Principal Component Analysis , 2007, IEEE Geoscience and Remote Sensing Letters.

[5] Ashraf Darwish,et al. Principle components analysis and Support Vector Machine based Intrusion Detection System , 2010, 2010 10th International Conference on Intelligent Systems Design and Applications.

[6] André Ricardo Abed Grégio,et al. Who Watches the Watchmen , 2018, ACM Comput. Surv..

[7] John McHugh,et al. Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory , 2000, TSEC.

[8] Philip S. Yu,et al. Top 10 algorithms in data mining , 2007, Knowledge and Information Systems.

[9] S. Joe Qin,et al. Multivariate process monitoring and fault diagnosis by multi-scale PCA , 2002 .

[10] X. Chen. LTSA Algorithm for Dimension Reduction of Microarray Data , 2013 .