DTB-IDS: an intrusion detection system based on decision tree using behavior analysis for preventing APT attacks

With the rapid growth of communications and networks, cyber-attacks using malicious code have emerged over the last few years as a new paradigm in information security. In particular, advanced persistent threat (APT) attacks have become a major social issue. An APT attack uses social engineering to target specific systems for intrusion; it breaks the security of the target system to leak information or to destroy the system, causing monetary damage to the target. The initial intrusion of an APT attack is relatively simple, such as spear phishing; after the initial intrusion, a back door is created, information is leaked over the long term, and the malicious code spreads by analyzing the internal network. In this paper, we propose an intrusion detection system based on a decision tree that analyzes behavior information to detect APT attacks, whose behavior changes intelligently after intrusion into a system. Furthermore, it can detect the possibility of an initial intrusion and minimize the extent of damage by responding quickly to APT attacks.
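The abstract does not say which behavior features DTB-IDS collects or how its tree is induced. The following is an added illustration, not the paper's code: a small CART-style decision tree (Gini impurity, numeric thresholds) learned from per-process behavior counters of the kind a host agent could collect. The feature names, the training records and the hold-out records are all constructed for this example; the point is that a behavior tree yields readable rule paths (a persistence write followed by several outbound connections, or highly regular beaconing) that an analyst can act on quickly, rather than a signature on the payload itself.

```python
"""Toy behavior-analysis decision tree for post-intrusion (APT-style) activity.

Added example, not the paper's DTB-IDS implementation. The feature set and
every record below are constructed for illustration.
"""
from collections import Counter

# Assumed behavior features a host agent could count per process.
FEATURES = [
    "beacon_regularity",   # 0..1: how periodic the process's outbound connections are
    "reg_autorun_writes",  # writes to autorun / persistence registry keys
    "child_procs",         # processes spawned
    "outbound_conns",      # distinct outbound connections
    "files_read",          # user documents read
]


def rec(br, ra, cp, oc, fr):
    """Build a behavior vector in FEATURES order."""
    return dict(zip(FEATURES, (br, ra, cp, oc, fr)))


# Constructed training records: (behavior vector, label).
TRAINING = [
    (rec(0.10, 0, 1, 3, 12), "benign"),   # office application
    (rec(0.20, 0, 0, 25, 40), "benign"),  # browser: many irregular connections
    (rec(0.00, 1, 3, 1, 5), "benign"),    # installer: one autorun write, one download
    (rec(0.00, 0, 9, 0, 300), "benign"),  # build script: many children, many files
    (rec(0.60, 0, 0, 1, 3), "benign"),    # update checker: fairly regular check-in
    (rec(0.90, 1, 4, 4, 250), "apt"),     # recon + persistence + C2 beaconing
    (rec(0.95, 2, 2, 2, 30), "apt"),      # persistence + C2 beaconing
    (rec(0.85, 0, 1, 1, 180), "apt"),     # document staging + C2 beaconing
    (rec(0.00, 1, 3, 3, 20), "apt"),      # implant without a regular beacon
]


def gini(labels):
    """Gini impurity of a label multiset (0.0 means pure)."""
    n = len(labels)
    if n == 0:
        return 0.0
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())


def split(rows, feature, threshold):
    left = [r for r in rows if r[0][feature] <= threshold]
    right = [r for r in rows if r[0][feature] > threshold]
    return left, right


def best_split(rows):
    """Return (gain, feature, threshold) with the largest Gini reduction."""
    base = gini([label for _, label in rows])
    best = (0.0, None, None)
    for f in FEATURES:
        values = sorted({r[0][f] for r in rows})
        # Candidate thresholds: midpoints between consecutive distinct values.
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            left, right = split(rows, f, t)
            weighted = (len(left) / len(rows)) * gini([l for _, l in left]) \
                + (len(right) / len(rows)) * gini([l for _, l in right])
            if base - weighted > best[0]:
                best = (base - weighted, f, t)
    return best


def build_tree(rows, depth=0, max_depth=4):
    """Recursively grow a binary tree until pure, no gain, or max_depth."""
    labels = [l for _, l in rows]
    majority = Counter(labels).most_common(1)[0][0]
    if depth >= max_depth or gini(labels) == 0.0:
        return {"leaf": majority}
    _, f, t = best_split(rows)
    if f is None:
        return {"leaf": majority}
    left, right = split(rows, f, t)
    return {"feature": f, "threshold": t,
            "left": build_tree(left, depth + 1, max_depth),
            "right": build_tree(right, depth + 1, max_depth)}


def predict(tree, record):
    """Walk the tree for one behavior vector and return its label."""
    while "leaf" not in tree:
        tree = tree["left"] if record[tree["feature"]] <= tree["threshold"] else tree["right"]
    return tree["leaf"]


def rules(tree, path=()):
    """Flatten the tree into readable rule paths: the analyst's 'why did this fire'."""
    if "leaf" in tree:
        return [(" and ".join(path) or "always", tree["leaf"])]
    f, t = tree["feature"], tree["threshold"]
    return (rules(tree["left"], path + (f"{f} <= {t:g}",))
            + rules(tree["right"], path + (f"{f} > {t:g}",)))


TREE = build_tree(TRAINING)

if __name__ == "__main__":
    for cond, label in rules(TREE):
        print(f"{label:7s} if {cond}")
    # Constructed hold-out: spear-phishing payload that beacons regularly.
    print(predict(TREE, rec(0.92, 1, 2, 2, 90)))
```

On these records the root split lands on beacon regularity and the second level on autorun writes, so a process that never beacons but writes a persistence key and then opens several outbound connections still reaches an apt leaf. Nine constructed rows fit perfectly and say nothing about real detection rates; a deployable tree needs a large labelled corpus, a validation split and a false-positive budget, because benign installers and updaters share individual behaviors with implants and only the combination separates them.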
