A novel approach for detecting advanced persistent threats
Cyber security has been drawing massive attention in recent years due to human reliance on new technology and systems. Therefore, securing these systems against cyber-attacks has become an essential task nowadays. The advanced persistent threat is one of the most sophisticated cyber-attacks, in which malicious actors gain unauthorized access to a network and remain undiscovered for a lengthy period of time. The number of recorded advanced persistent threat attacks and threats to organizations intensifies. One method used in detecting advanced persistent threat attacks is machine learning. However, this method has not been covered in much previous research due to the lack of datasets covering an entire advanced persistent threat attack lifecycle. Thus, this paper aims to build a new dataset that covers the complete life cycle of an advanced persistent threat attack in order to detect it in different stages, such as normal, reconnaissance, initial compromise, lateral movement, and data exfiltration activities. The newly collected dataset is based on advanced persistent threat attacks using tactics, techniques, procedures, and indicators of compromise. It is then applied to a proposed machine learning model employing eXtreme gradient boosting and an analysis of variance feature selection method. The model was compared to other traditional classifiers: random forest, decision tree, and K-nearest neighbor. Based on the accuracy score of the proposed model, 99.89% using only 12 features, it proved to be more powerful and efficient than the other classifiers in detecting advanced persistent threat attacks. The dataset used in this research is newly built based on advanced persistent threat attack behaviors, which will aid organizations in detecting advanced persistent threat attack activity efficiently. The experimental evaluation proved that the proposed method effectively detects advanced persistent threat attacks at different stages.
| Published in | Egyptian informatics journal, 2022-12, Vol.23 (4), p.45-55 |
|---|---|
| Main Authors | Al-Saraireh, Jaafer; Masarweh, Ala' |
| Format | Article |
| Language | English |
| Publisher | Elsevier B.V. |
| Subjects | Advanced persistent threat; Analysis of variance; eXtreme gradient boosting; Machine learning |
| ISSN | 1110-8665 (print); 2090-4754 (electronic) |
| DOI | 10.1016/j.eij.2022.06.005 |
| Online Access | https://www.sciencedirect.com/science/article/pii/S1110866522000470 (open access) |