nach oben

The Journal of Supercomputing

Erschienen in:

12.01.2022

APT-Dt-KC: advanced persistent threat detection based on kill-chain model

verfasst von: Maryam Panahnejad, Meghdad Mirabi

Erschienen in: The Journal of Supercomputing | Ausgabe 6/2022

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Advanced persistent threat attacks are considered as a serious risk to almost any infrastructure since attackers are constantly changing and evolving their advanced techniques and methods. It is difficult to use traditional defense for detecting the advanced persistent threat attacks and protect network information. The detection of advanced persistent threat attack is usually mixed with many other attacks. Therefore, it is necessary to have a solution that is safe from error and failure in detecting them. In this paper, an intelligent approach is proposed called “APT-Dt-KC” to analyze, identify, and prevent cyber-attacks using the cyber-kill chain model and matching its fuzzy characteristics with the advanced persistent threat attack. In APT-Dt-KC, Pearson correlation test is used to reduce the amount of processing data, and then, a hybrid intrusion detection method is proposed using Bayesian classification algorithm and fuzzy analytical hierarchy process. The experimental results show that APT-Dt-KC has a false positive rate and false negative rate 1.9% and 3.6% less than the existing approach, respectively. The accuracy and detection rate of APT-Dt-KC has reached 98% with an average improvement of 5% over the existing approach.

Vorheriger Artikel An automatic query expansion based on hybrid CMO-COOT algorithm for optimized information retrieval

Nächster Artikel Kinematic and dynamic control model of wheeled mobile robot under internet of things and neural network

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Alazzam H, Sharieh A, Sabri KE (2020) A feature selection algorithm for intrusion detection system based on Pigeon inspired optimizer. Expert Syst Appl. https://doi.org/10.1016/j.eswa.2020.113CrossRef

Quincozes SE, Albuquerque C, Passos D, Mossé D (2021) A survey on intrusion detection and prevention systems in digital substations. Comput Netw. https://doi.org/10.1016/j.comnet.2020.107679CrossRef

Bostani H, Sheikhan M (2017) Modification of supervised OPF-based intrusion detection systems using unsupervised learning and social network concept. Pattern Recogn 62:56–72CrossRef

Hassan MM, Gumaei A, Alsanad A, Alrubaian M, Fortino G (2020) A hybrid deep learning model for efficient intrusion detection in big data environment. Inf Sci 513:386–396CrossRef

Condomines JP, Zhang R, Larrieu N (2019) Network intrusion detection system for UAV ad-hoc communication: From methodology design to real test validation. Ad Hoc Netw. https://doi.org/10.1016/j.adhoc.2018.09.004CrossRef

Martinez CV, Vogel-Heuser B (2021) A host intrusion detection system architecture for embedded industrial devices. J Franklin Inst 358:210–236CrossRef

Setiawan B, Djanali S, Ahmad T, Aziz MN (2019) Assessing centroid-based classification models for intrusion detection system using composite indicators. Procedia Comput Sci 161:665–676CrossRef

Rahouma K, Ali A (2019) Applying intrusion detection and response systems for securing the client data signals in the Egyptian optical network. Procedia Comput Sci 163:538–549CrossRef

Dong Y, Wang R, He J (2019) "Real-Time Network Intrusion Detection System Based on Deep Learning," in: 2019 IEEE 10th International Conference on Software Engineering and Service Science (ICSESS), Beijing, China, pp 1–4

10.

Zhou Y, Mazzuchi TA, Sarkani S (2020) M-AdaBoost-A based ensemble system for network intrusion detection. Expert Syst Appl 162:2020. https://doi.org/10.1016/j.eswa.2020.113864CrossRef

11.

Zimba A, Chen H, Wang Z (2019) Bayesian network based weighted APT attack paths modeling in cloud computing. Futur Gener Comput Syst 96:525–537CrossRef

12.

Lee M, Choi J, Choi C, Kim P (2017) APT attack behavior pattern mining using the FP-growth algorithm," in: 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, USA, pp 1-4

13.

Hasan K, Shetty S, Ullah S (2019) Artificial Intelligence Empowered Cyber Threat Detection and Protection for Power Utilities, in: 2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC), Los Angeles, USA, pp 354–359

14.

Wang Q, Cai X, Tang Y, Ni M (2021) Methods of cyber-attack identification for power systems based on bilateral cyber-physical information. Int J Elect Power Energy Syst. https://doi.org/10.1016/j.ijepes.2020.106515CrossRef

15.

Bhatnagar D, Som S, Khatri SK (2019) Advance Persistant Threat and Cyber Spying - The Big Picture, Its Tools, Attack Vectors and Countermeasures, in: 2019 Amity International Conference on Artificial Intelligence (AICAI), Dubai, United Arab Emirates, pp 828–839

16.

Eggers S (2021) A novel approach for analyzing the nuclear supply chain cyber-attack surface. Nucl Eng Technol 53:879–887CrossRef

17.

Gu J, Wang L, Wang H, Wang S (2019) A novel approach to intrusion detection using SVM ensemble with feature augmentation. Comput Secur 86:53–62CrossRef

18.

Zulkefli Z, Singh MM, Shariff ARM, Samsudin A (2017) Typosquat cyber crime attack detection via smartphone. Procedia Comput Sci 124:664–671CrossRef

19.

Cho DX, Nam HH (2019) |A method of monitoring and detecting APT attacks based on unknown domains. Procedia Comput Sci 150:316–323CrossRef

20.

Dargahi T, Dehghantanha A, Nikkhah Bahrami P, Conti M, Bianchi G, Benedetto L (2019) A Cyber-Kill-Chain based taxonomy of crypto-ransomware features. J Comput Virol Hack Tech 15:277–305CrossRef

21.

Tankard C (2011) Advanced Persistent threats and how to monitor and deter them. Netw Secur 2011:16–19CrossRef

22.

Khan MS, Siddiqui S, Ferens K (2018) “A Cognitive and Concurrent Cyber Kill Chain Model”, 2018, in: Computer and Network Security Essentials, Springer, pp 585-602

23.

Bryant B, Saiedian H (2017) A novel kill-chain framework for remote security log analysis with SIEM software. Comput Secur 67:198–210CrossRef

24.

Yadav T, Rao AM (2015) “Technical Aspects of Cyber Kill Chain”, In: Security in Computing and Communications. (SSCC 2015), Communications in Computer and Information, Vol 536. Springer, https://doi.org/10.1007/978-3-319-22915-7_40

25.

Mohsin M, Anwar Z (2016) "Where to Kill the Cyber Kill-Chain: An Ontology-Driven Framework for IoT Security Analytics," in: 2016 International Conference on Frontiers of Information Technology (FIT), Islamabad, 2016, Islamabad, Pakistan, pp 23-28

26.

Kiwiaa D, Dehghantanhaa A, Choob K-KR, Slaughter J (2018) A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence. J Comput Sci 27:394–409CrossRef

27.

Verma R, Chandra S (2020) "A Fuzzy AHP Approach for Ranking Security Attributes in Fog-IoT Environment," in: A Fuzzy AHP Approach for Ranking Security Attributes in Fog-IoT Environment (ICCCNT), Kharagpur, India, pp 1–5

28.

Ogundoyin SO, Kamil IA (2020) A Fuzzy-AHP based prioritization of trust criteria in fog computing services. Appl Soft Comput 97:106789CrossRef

29.

Liu Y, Eckert CM, Earl C (2020) A review of fuzzy AHP methods for decision-making with subjective judgements. Expert Syst Appl 161:113738CrossRef

30.

Kalaiselvi B, Thangamani M (2020) An efficient Pearson correlation based improved random forest classification for protein structure prediction techniques. Measurement 162:107885CrossRef

31.

Singh VK, Callupe SP, Govindarasu M (2019) Testbed-based Evaluation of SIEM Tool for Cyber Kill Chain Model in Power Grid SCADA System”, in: 2019 North American Power Symposium (NAPS), Wichita, KS, USA

32.

Kim J, Baskerville RL, Ding Y (2020) Breaking the privacy kill chain: protecting individual and group privacy online. Inf Syst Front 22:171–185CrossRef

33.

Shameli-Sendi A, Dagenais M (2014) ARITO: cyber-attack response system using accurate risk impact tolerance. Int J Inf Secur 13:367–390CrossRef

34.

Duncan A, Creese S, Goldsmith M (2019) "A Combined Attack-Tree and Kill-Chain Approach to Designing Attack-Detection Strategies for Malicious Insiders in Cloud Computing", in: 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security),Oxford, United Kingdom, United Kingdom, pp 1–9

35.

Schneier B (2019) Attack Trees, Dr. Dobb’s Journal, 24

36.

Hoffmann R (2019) "Markov Models of Cyber Kill Chains with Iterations", in: International Conference on Military Communications and Information Systems (ICMCIS), Budva, Montenegro

37.

Hoffmann R (2018) The general cyber-attack life cycle and its continuous time Markov chain model. Ekonomiczne Problemy Usług 10:121–130CrossRef

38.

Hutchins EM, Cloppert MJ, Amin RM (2011) "Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains", Leading Issues in Information Warfare and Security Research, pp 78–104

39.

Martin L (2015) "Seven Ways to Apply the Cyber Kill Chain with a Threat Intelligence Platform," [Online]. Available: https://www.lockheedmartin.com/content/dam/

40.

Yang L, Li P, Yang X, Xiang Y, Jiang F, Zhou W (2019) "Effective Quarantine and Recovery Scheme Against Advanced Persistent Threat”, IEEE Transactions on Systems, Man, and Cybernetics: Systems, pp1–5

41.

Joloudari JH, Haderbadi M, Mashmool A, Ghasemigol M, Band SS, Mosavi A (2020) Early detection of the advanced persistent threat attack using performance analysis of deep learning. IEEE Access 8:186125–186137CrossRef

42.

Yan D, Liu F, Jia K (2019) "Modeling an Information-Based Advanced Persistent Threat Attack on the Internal Network," in: IEEE International Conference on Communications (ICC), Shanghai, China, pp 1–7

43.

Yang L-X, Huang K, Yang X, Zhang Y, Xiang Y, Tang YY (2020) "Defense against advanced persistent threat through data backup and recovery," IEEE Transactions on Network Science and Engineering, pp 1–1

44.

Ahmed Y, Asyhari AT, Rahman MA (2021) A cyber kill chain approach for detecting advanced persistent threat. Comput Mater Continua 67:2497–2513CrossRef

45.

Xuan CD (2021) Detecting APT Attacks Based On Network Traffic Using Machine Learning. Journal of Web Engineering. https://doi.org/10.13052/jwe1540-9589.2019

46.

Immink KAS, Weber JH (2014) Minimum Pearson distance detection for multilevel channels with gain and/or offset mismatch. IEEE Trans Inf Theory 60:5966–5974MathSciNetCrossRef

47.

Rummel RJ (1976) Understanding Correlation, Life Time of Correlations and its Applications. Wydawnictwo Niezależne, pp 5–21

48.

Mu Y, Liu X, Wang L (2018) A Pearson’s correlation coefficient based decision tree and its parallel implementation. Inf Sci 435:40–58MathSciNetCrossRef

49.

Kyrimi E, Neves MR, McLachlan S, Neil M, Marsh W, Fenton N (2020) Medical idioms for clinical Bayesian network development. J Biomed Inform 108:103495CrossRef

50.

Mohammadi H (2012) "Strategic Decision Making in Resource Selection", 2, 1-12

Titel: APT-Dt-KC: advanced persistent threat detection based on kill-chain model
verfasst von: Maryam Panahnejad
Meghdad Mirabi
Publikationsdatum: 12.01.2022
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 6/2022
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-021-04201-9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 6/2022

Attention-based framework for weakly supervised video anomaly detection

An extended visual methods to perform data cluster assessment in distributed data systems

A new selfish thing detection method based on Voronoi diagram for Internet of Things

Driver attention prediction based on convolution and transformers

Kinematic and dynamic control model of wheeled mobile robot under internet of things and neural network

A novel elephant herd optimization model with a deep extreme Learning machine for solar radiation prediction using weather forecasts

Premium Partner