A novel approach for detecting advanced persistent threats

Cyber security has been drawing massive attention in recent years due to human reliance on new tech-nology, and systems. Therefore, securing these systems against cyber-attacks has become an essential task nowadays. The advanced persistent threat is one of the most sophisticated cyber-attacks in which malicious actors gain unauthorized access to a network and remain undiscovered for a lengthy period of time. The number of recorded advanced persistent threat attacks and threats to organizations intensi-fies. One method used in detecting advanced persistent threat attacks is machine learning. However, this method has not been covered in many previous kinds of research due to the lack of datasets covering an entire advanced persistent threat attack lifecycle. Thus, this paper aims to build a new dataset that covers the complete life cycle of an advanced persistent threat attack to detect them in different stages such as normal, reconnaissance, initial compromise, lateral movement, and data exfiltration activities. The newly collected dataset is based on advanced persistent threat attacks using tactics, techniques, procedures, and indicators of compromise. Then, it is applied to a proposed machine learning model employing eXtreme gradient boosting and analysis of variance feature selection method. The model was compared to other traditional classifiers: random forest, decision tree, and K-nearest neighbor. Based on the accuracy score of the proposed model 99.89% using only 12 features, it proved to be more powerful and efficient than the other classifiers in detecting advanced persistent threat attacks. The dataset used in this research is newly built based on advanced persistent threat attack behaviors, which will aid organizations in detecting advanced persistent threat attack activity efficiently. The experimental evaluation proved that the pro-posed method effectively detects advanced persistent threat attacks at different stages.(c) 2022 THE AUTHORS. Published by Elsevier BV on behalf of Faculty of Computers and Artificial Intel-ligence, Cairo University. This is an open access article under the CC BY-NC-ND license (http://creative-commons.org/licenses/by-nc-nd/4.0/).