Early Detection of the Advanced Persistent Threat Attack Using Performance Analysis of Deep Learning

One of the most common and damaging attacks on a victim system is the Advanced Persistent Threat (APT) attack. An APT attacker pursues hostile goals by obtaining information about a network's infrastructure and gaining financial benefit from it. One way to detect a covert APT attack is to analyse network traffic. Because an APT attack stays on the network for a long time, and because the network may crash under high traffic, this type of attack is difficult to detect. Hence, in this study, machine learning methods, namely a C5.0 decision tree, a Bayesian network and a deep neural network, are used for timely detection and classification of APT attacks on the NSL-KDD dataset. Moreover, 10-fold cross-validation is used to evaluate these models. As a result, the accuracy (ACC) of the C5.0 decision tree, the Bayesian network and the 6-layer deep learning model is 95.64%, 88.37% and 98.85%, respectively, and for the important criterion of false positive rate (FPR), the FPR of the C5.0 decision tree, the Bayesian network and the 6-layer deep learning model is 2.56, 10.47 and 1.13, respectively. Other criteria such as sensitivity, specificity, accuracy, false negative rate and F-measure are also investigated for the models, and the experimental results show that the deep learning model, with its automatic multi-layered feature extraction, performs best for timely detection of an APT attack compared with the other classification models.
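The abstract reports its models through accuracy, FPR, sensitivity, specificity, false negative rate and F-measure, all obtained under 10-fold cross-validation. The following is an added example, not code from the paper, showing how those criteria are computed from pooled confusion-matrix counts and how a stratified 10-fold split is built and evaluated. It assumes the standard confusion-matrix definitions of the metrics (the abstract does not state the paper's own formulas), uses a deliberately trivial one-feature threshold classifier in place of the paper's C5.0, Bayesian network and deep models, and runs on a constructed toy set of 20 records rather than NSL-KDD. The metrics are returned as fractions in [0, 1]; the `main` block prints them as percentages, which is the form the abstract uses for ACC.

```python
"""Evaluation metrics and stratified k-fold cross-validation for an attack
classifier. Added example; not code from the paper. The classifier is a
deliberately simple one-feature threshold model, and the records below are
constructed toy data, not NSL-KDD."""
import random
from typing import Dict, List, Sequence, Tuple

# Constructed toy records: (feature value, label); label 1 = attack, 0 = normal.
# The single feature stands in for any numeric flow attribute. One attack (3.0)
# deliberately sits inside the normal range so the classifier cannot be perfect.
RECORDS: List[Tuple[float, int]] = (
    [(v, 0) for v in (1.0, 1.5, 2.0, 2.2, 2.8, 3.1, 3.5, 3.9, 4.2, 4.6)]
    + [(v, 1) for v in (6.0, 6.4, 7.1, 7.5, 8.0, 8.3, 9.0, 9.6, 3.0, 10.5)]
)


def confusion_counts(y_true: Sequence[int], y_pred: Sequence[int]) -> Dict[str, int]:
    """Count TP/FP/TN/FN with the attack class (1) treated as positive."""
    counts = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for t, p in zip(y_true, y_pred):
        if t == 1:
            counts["tp" if p == 1 else "fn"] += 1
        else:
            counts["fp" if p == 1 else "tn"] += 1
    return counts


def metrics(tp: int, fp: int, tn: int, fn: int) -> Dict[str, float]:
    """The criteria the abstract reports, as fractions in [0, 1]."""
    def ratio(num: int, den: int) -> float:
        return num / den if den else 0.0
    return {
        "acc": ratio(tp + tn, tp + fp + tn + fn),
        "sensitivity": ratio(tp, tp + fn),  # recall / true positive rate
        "specificity": ratio(tn, tn + fp),  # true negative rate
        "fpr": ratio(fp, fp + tn),          # benign traffic flagged as attack
        "fnr": ratio(fn, fn + tp),          # attacks missed
        # F-measure = harmonic mean of precision and recall, in closed form
        "f_measure": ratio(2 * tp, 2 * tp + fp + fn),
    }


def stratified_k_fold(labels: Sequence[int], k: int, seed: int = 0) -> List[Tuple[List[int], List[int]]]:
    """Split indices into k folds, keeping each class's proportion in every fold."""
    rng = random.Random(seed)
    by_class: Dict[int, List[int]] = {}
    for i, y in enumerate(labels):
        by_class.setdefault(y, []).append(i)
    folds: List[List[int]] = [[] for _ in range(k)]
    for idxs in by_class.values():
        rng.shuffle(idxs)
        for j, i in enumerate(idxs):
            folds[j % k].append(i)  # deal each class round-robin over the folds
    splits = []
    for f in range(k):
        test = sorted(folds[f])
        train = sorted(i for g in range(k) if g != f for i in folds[g])
        splits.append((train, test))
    return splits


def fit_threshold(train: Sequence[Tuple[float, int]]) -> float:
    """Toy model: threshold halfway between the class means of the feature."""
    normal = [x for x, y in train if y == 0]
    attack = [x for x, y in train if y == 1]
    return (sum(normal) / len(normal) + sum(attack) / len(attack)) / 2


def predict(threshold: float, x: float) -> int:
    return 1 if x >= threshold else 0


def cross_validate(records: Sequence[Tuple[float, int]], k: int = 10, seed: int = 0) -> Dict[str, float]:
    """Pool the confusion counts over all k held-out folds, then compute the metrics."""
    labels = [y for _, y in records]
    pooled = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for train_idx, test_idx in stratified_k_fold(labels, k, seed):
        threshold = fit_threshold([records[i] for i in train_idx])
        y_true = [records[i][1] for i in test_idx]
        y_pred = [predict(threshold, records[i][0]) for i in test_idx]
        for key, value in confusion_counts(y_true, y_pred).items():
            pooled[key] += value
    return metrics(**pooled)


if __name__ == "__main__":
    for name, value in cross_validate(RECORDS).items():
        print(f"{name:>12}: {100 * value:6.2f}%")
```

Pooling the counts across folds (rather than averaging per-fold percentages) keeps FPR and FNR meaningful when a fold holds only one or two positives, which is the situation for a rare class such as APT traffic; with the toy data every normal record is classified correctly and the one in-range attack is missed, so FPR is 0 and FNR is 0.1.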
