Advanced Persistent Threats Detection based on Deep Learning Approach

Cited by: 1
Authors
Eke, Hope Nkiruka [1 ]
Petrovski, Andrei [2 ]
Affiliations
[1] Robert Gordon Univ, Sch Comp, Aberdeen, Scotland
[2] Natl Subsea Ctr, Sch Comp, Aberdeen, Scotland
Keywords
Advanced Persistent Threats; Cyber-Physical Systems; Critical Infrastructures; Deep Learning; Industrial Control Systems; Supervisory Control and Data Acquisition; APT ATTACKS; NETWORKS;
DOI
10.1109/ICPS58381.2023.10128062
Chinese Library Classification (CLC)
TP39 [Applications of computers];
Discipline code
081203 ; 0835 ;
Abstract
Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. An APT is a sophisticated attack that masks its actions to navigate around defenses, breach networks, often across multiple network hosts, and evade detection. It also uses a "low-and-slow" approach over a long period of time. Resource availability, integrity, and confidentiality of the operational cyber-physical system (CPS) state and control are highly impacted by the safety and security measures in place. A multi-stage detection framework termed "APT(DASAC)" is proposed to detect the different tactics, techniques, and procedures (TTPs) used during the various APT steps. Implementation was carried out in three stages: (i) Data input and probing layer, which involves data gathering and pre-processing; (ii) Data analysis layer, which applies the core process of "APT(DASAC)" to learn the behaviour of attack steps from the sequence data and to correlate and link the related output; and (iii) Decision layer, where an ensemble probability approach is used to integrate the output and make the attack prediction. The framework was validated with three different datasets and three case studies. The proposed approach achieved a significant attack detection capability of 86.36% with a loss of 0.32%, demonstrating that attack detection techniques that perform well in one domain may not yield the same good result in another domain. This suggests that the robustness and resilience of an operational system's state to withstand attack and maintain system performance are regulated by the safety and security measures in place, which are specific to the system in question.
Pages: 10