
2018 | OriginalPaper | Book chapter

Detecting Advanced Persistent Threats Based on Entropy and Support Vector Machine

Authors: Jiayu Tan, Jian Wang

Published in: Algorithms and Architectures for Parallel Processing

Publisher: Springer International Publishing


Abstract

Advanced Persistent Threats (APTs) have become a critical issue in high-security networks. Their precise targeting, disguise and staged execution make them hard for traditional detection technologies to discover. APTs continuously gather information and data from targeted objects, using various exploits to penetrate the organization. Current threat detection methods apply machine learning algorithms to statistical and behavioral characteristics of the network traffic. The key problem in using a machine learning algorithm is to find an appropriate feature vector to feed into the learner. This paper presents an entropy-based detection method using a support vector machine, aiming to find the traffic that contains an APT attack, so that the attacking stream is confined to a smaller range of the network traffic, which makes it much easier to find in further analysis. The experimental results show that the proposed method can more effectively and efficiently distinguish traffic containing APT streams from normal traffic.
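The abstract only states the shape of the approach (entropy of traffic characteristics as the feature vector, a support vector machine as the learner). The following is an added, self-contained sketch of that pipeline written for this page; it is not the authors' code, and the concrete choices are assumptions not taken from the page: flows are grouped into windows, the features are the normalized Shannon entropies of destination IP, destination port and packet size within a window, the SVM is a linear one trained with the Pegasos subgradient method, and the training windows are constructed synthetically (a background profile and the same background with a fixed-size, single-destination beacon stream mixed in).

```python
"""Entropy features + linear SVM for flagging traffic windows (added example).

Illustrative code written for this page, not the paper's implementation.
Assumptions not taken from the page: flows are grouped into windows, the
feature vector is the normalized Shannon entropy of destination IP,
destination port and packet size inside a window, the classifier is a
linear SVM trained with Pegasos, and all traffic below is constructed.
"""
import math
import random
from collections import Counter


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def window_features(flows):
    """Feature vector for one window: entropy of dst IP, dst port and size,
    each divided by log2(#flows) so windows of different sizes compare
    (1.0 = every flow distinct, 0.0 = every flow identical)."""
    n = len(flows)
    if n < 2:
        return [0.0, 0.0, 0.0]
    norm = math.log2(n)
    return [shannon_entropy([f[k] for f in flows]) / norm
            for k in ("dst", "dport", "bytes")]


def synth_window(rng, beacon=False):
    """Constructed traffic window (assumed profile, not real data): background
    flows go to many hosts, mostly on 443/80, with varied sizes; a beacon
    window adds identical flows (one host, one port, one size) on top."""
    ports = [443] * 7 + [80] * 2 + [22, 25, 53, 993, 8080]
    flows = [{"dst": "10.0.%d.%d" % (rng.randint(0, 3), rng.randint(1, 15)),
              "dport": rng.choice(ports),
              "bytes": rng.randint(60, 1460) // 30 * 30}
             for _ in range(200)]
    if beacon:
        flows += [{"dst": "203.0.113.7", "dport": 8443, "bytes": 512}] * 100
    rng.shuffle(flows)
    return flows


def make_dataset(n_per_class=20, seed=1):
    """Labelled windows: +1 = contains the beacon stream, -1 = background only."""
    rng = random.Random(seed)
    X, y = [], []
    for label in (-1, 1):
        for _ in range(n_per_class):
            X.append(window_features(synth_window(rng, beacon=(label == 1))))
            y.append(label)
    return X, y


def train_linear_svm(X, y, lam=0.001, epochs=100, seed=0):
    """Pegasos: stochastic subgradient descent on the hinge-loss SVM objective.
    The bias is folded in as a constant feature, so one weight vector suffices."""
    rng = random.Random(seed)
    w = [0.0] * (len(X[0]) + 1)
    t = 0
    order = list(range(len(X)))
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            t += 1
            eta = 1.0 / (lam * t)
            x = X[i] + [1.0]
            margin = y[i] * sum(wj * xj for wj, xj in zip(w, x))
            w = [(1.0 - eta * lam) * wj for wj in w]      # regularizer step
            if margin < 1.0:                               # hinge-loss step
                w = [wj + eta * y[i] * xj for wj, xj in zip(w, x)]
    return w


def predict(w, x):
    """+1 = flag the window for further analysis, -1 = treat as normal."""
    score = sum(wj * xj for wj, xj in zip(w, x + [1.0]))
    return 1 if score > 0 else -1


def accuracy(w, X, y):
    return sum(predict(w, x) == yi for x, yi in zip(X, y)) / len(y)


if __name__ == "__main__":
    X, y = make_dataset()
    w = train_linear_svm(X, y)
    print("weights [H(dst), H(dport), H(bytes), bias]:", [round(v, 2) for v in w])
    print("training accuracy:", accuracy(w, X, y))
    # A window made only of identical flows sits at entropy 0 on every axis.
    print("all-identical window ->", predict(w, [0.0, 0.0, 0.0]))
```

The point of the normalization in `window_features` is that raw entropy grows with the number of flows in a window, so an unnormalized feature would mostly learn window size rather than traffic structure. In this constructed setting the beacon stream pulls the destination and size entropies down while leaving port entropy roughly unchanged, which is what the linear classifier ends up weighting; a real deployment would have to validate that separation on its own traffic, with the evasion caveat that an adversary who randomizes beacon destinations, timing and padding raises those entropies toward the background.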


Metadata
Title
Detecting Advanced Persistent Threats Based on Entropy and Support Vector Machine
Authors
Jiayu Tan
Jian Wang
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-030-05063-4_13