A Cyber Kill Chain Approach for Detecting Advanced Persistent Threats

Cited by: 18
Authors
Ahmed, Yussuf [1 ]
Asyhari, A. Taufiq [1 ]
Rahman, Md Arafatur [2 ]
Affiliations
[1] Birmingham City Univ, Sch Comp & Digital Technol, Birmingham, W Midlands, England
[2] Univ Malaysia Pahang, ERAS, IBM CoE, Fac Comp, Pahang, Malaysia
Source
CMC-COMPUTERS MATERIALS & CONTINUA | 2021 / Vol. 67 / No. 02
Keywords
Advanced persistent threat; APT; Cyber Kill Chain; data breach; intrusion detection; cyber-attack; attack prediction; data-driven security and machine learning; TAXONOMY; TACTICS;
DOI
10.32604/cmc.2021.014223
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline Classification
0812 ;
Abstract
The number of cybersecurity incidents is on the rise despite significant investment in security measures. Existing conventional security approaches have demonstrated limited success against some of the more complex cyber-attacks, primarily because of the sophistication of the attacks and the availability of powerful tools. Interconnected devices such as the Internet of Things (IoT) are also increasing attack exposure as the number of vulnerabilities grows. Over the last few years, we have seen a trend towards embracing edge technologies to harness the power of IoT devices and 5G networks. Edge technology brings processing power closer to the network and offers many advantages, including reduced latency, but it can also introduce vulnerabilities that could be exploited. Smart cities likewise depend on technologies in which everything is interconnected. This interconnectivity makes them highly vulnerable to cyber-attacks, especially Advanced Persistent Threats (APTs), as these vulnerabilities are amplified by the need to integrate new technologies with legacy systems. Cybercriminals behind APT attacks have recently been targeting the IoT ecosystems prevalent in many of these cities. In this paper, we use a publicly available dataset on Advanced Persistent Threats (APT) and develop a data-driven approach for detecting APT stages using the Cyber Kill Chain. APTs are highly sophisticated and targeted forms of attack that can evade intrusion detection systems, making them one of the greatest current challenges facing security professionals. In this experiment, we used multiple machine learning classifiers, namely Naive Bayes, Bayes Net, KNN, Random Forest and Support Vector Machine (SVM), and report the numeric results using Weka's performance metrics. The best performance result of 91.1% was obtained with the Naive Bayes classifier.
We hope our proposed solution will help security professionals to deal with APTs in a timely and effective manner.
Pages: 2497 / 2513
Page count: 17