A novel approach for detecting advanced persistent threats

Bibliographic Details
Published in: Egyptian Informatics Journal, 2022-12, Vol. 23 (4), pp. 45-55
Main Authors: Al-Saraireh, Jaafer; Masarweh, Ala'
Format: Article
Language: English
Description

Summary: Cyber security has been drawing massive attention in recent years due to human reliance on new technologies and systems. Therefore, securing these systems against cyber-attacks has become an essential task. The advanced persistent threat is one of the most sophisticated cyber-attacks, in which malicious actors gain unauthorized access to a network and remain undiscovered for a lengthy period of time. The number of recorded advanced persistent threat attacks and threats to organizations continues to intensify. One method used in detecting advanced persistent threat attacks is machine learning. However, this method has not been covered in much previous research due to the lack of datasets covering an entire advanced persistent threat attack lifecycle. Thus, this paper aims to build a new dataset that covers the complete life cycle of an advanced persistent threat attack, so that attacks can be detected in their different stages: normal, reconnaissance, initial compromise, lateral movement, and data exfiltration activities. The newly collected dataset is based on advanced persistent threat attacks using tactics, techniques, procedures, and indicators of compromise. It is then applied to a proposed machine learning model employing eXtreme gradient boosting together with an analysis-of-variance feature selection method. The model was compared to other traditional classifiers: random forest, decision tree, and K-nearest neighbor. Based on the accuracy score of the proposed model, 99.89% using only 12 features, it proved to be more powerful and efficient than the other classifiers in detecting advanced persistent threat attacks. The dataset used in this research is newly built based on advanced persistent threat attack behaviors, which will aid organizations in detecting advanced persistent threat attack activity efficiently. The experimental evaluation showed that the proposed method effectively detects advanced persistent threat attacks at different stages.
ISSN: 1110-8665, 2090-4754
DOI: 10.1016/j.eij.2022.06.005