Early detection of the advanced persistent threat attack using performance analysis of deep learning

One of the most common and most destructive attacks on a victim system is the Advanced Persistent Threat (APT) attack. The APT attacker achieves hostile goals by obtaining information about, and gaining financial benefit from, the infrastructure of a network. One way to detect a covert APT attack is to analyse network traffic. Because an APT attack stays on the network for a long time, and because high traffic volumes may crash the network, this type of attack is difficult to detect. Hence, in this study, machine learning methods, namely the C5.0 decision tree, a Bayesian network and a deep neural network, are used for timely detection and classification of APT attacks on the NSL-KDD dataset. Moreover, 10-fold cross validation is used to evaluate these models. As a result, the accuracy (ACC) of the C5.0 decision tree, Bayesian network and 6-layer deep learning models is obtained as 95.64 […]. In terms of the important criterion of the false positive rate (FPR), the FPR value for the C5.0 decision tree, Bayesian network and 6-layer deep learning models is obtained as 2.56, 10.47 and 1.13, respectively. Other criteria such as sensitivity, specificity, accuracy, false negative rate and F-measure are also investigated for the models, and the experimental results show that the deep learning model, with automatic multi-layered feature extraction, has the best performance for timely detection of an APT attack compared with the other classification models.
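The evaluation criteria the abstract names, worked through as an added example (not code from the paper): the metrics computed from a constructed confusion matrix, and the number of benign flows per day that the reported FPR values would flag on a constructed traffic volume, which is why the abstract singles out FPR for an intrusion detector.

```python
"""Added example, not from the paper: IDS evaluation metrics from a confusion
matrix, plus the false-alarm load implied by a false positive rate.
The confusion matrix and the daily benign flow volume are constructed values."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Confusion:
    tp: int  # APT flows correctly flagged
    fn: int  # APT flows missed
    fp: int  # benign flows wrongly flagged
    tn: int  # benign flows correctly passed


def metrics(c: Confusion) -> dict:
    """Return the abstract's criteria as percentages rounded to 2 decimals."""
    positives = c.tp + c.fn
    negatives = c.fp + c.tn
    sensitivity = c.tp / positives          # true positive rate (recall)
    specificity = c.tn / negatives          # true negative rate
    fpr = c.fp / negatives                  # false positive rate = 1 - specificity
    fnr = c.fn / positives                  # false negative rate = 1 - sensitivity
    acc = (c.tp + c.tn) / (positives + negatives)
    f_measure = 2 * c.tp / (2 * c.tp + c.fp + c.fn)  # F1, harmonic mean of P and R
    raw = {"sensitivity": sensitivity, "specificity": specificity, "fpr": fpr,
           "fnr": fnr, "acc": acc, "f_measure": f_measure}
    return {k: round(100 * v, 2) for k, v in raw.items()}


def daily_false_alarms(fpr_percent: float, benign_flows_per_day: int) -> int:
    """Expected benign flows flagged per day at the given FPR (base-rate effect)."""
    return round(benign_flows_per_day * fpr_percent / 100)


# FPR values as reported in the abstract for the three models
REPORTED_FPR = {"C5.0": 2.56, "Bayesian network": 10.47, "6-layer DNN": 1.13}


def alarm_load(benign_flows_per_day: int = 1_000_000) -> dict:
    """Daily false-alarm count per model on a constructed benign volume."""
    return {name: daily_false_alarms(f, benign_flows_per_day)
            for name, f in REPORTED_FPR.items()}


if __name__ == "__main__":
    print(metrics(Confusion(tp=90, fn=10, fp=20, tn=880)))
    print(alarm_load())
```

A 1.13% FPR still yields over ten thousand false alarms per day at a million benign flows, so a model with a slightly lower accuracy but a much lower FPR can be the better operational choice.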
