An Incisive Analysis of Advanced Persistent Threat Detection Using Machine Learning Techniques

  • Conference paper
  • In: Computational Intelligence in Data Mining

Part of the book series: Smart Innovation, Systems and Technologies ((SIST,volume 281))

Abstract

The upsurge in security threats and cyber-attacks is driven by the unbounded growth of Internet-based services. One multi-stage security threat that is particularly serious, hard to discover, and complex is the Advanced Persistent Threat (APT). Discovering an APT attack is a foremost challenge for the research community because the attack vectors of an APT persist for a long period. Persistent efforts by researchers on APT detection using machine learning models have improved detection efficiency and provided a better understanding of the APT stages. This review article summarizes the various machine learning-based detection techniques presented so far in the literature to alleviate the impact of APTs, and guides interested researchers in designing a computationally attractive, reliable, and robust machine learning-based system for efficient APT detection.



Acknowledgements

This work was supported by the Department of Science and Technology, Interdisciplinary Cyber-Physical System (T-615).

Author information

Corresponding author: V. S. Shankar Sriram.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Vishnu Priya, M.K., Shankar Sriram, V.S. (2022). An Incisive Analysis of Advanced Persistent Threat Detection Using Machine Learning Techniques. In: Nayak, J., Behera, H., Naik, B., Vimal, S., Pelusi, D. (eds) Computational Intelligence in Data Mining. Smart Innovation, Systems and Technologies, vol 281. Springer, Singapore. https://doi.org/10.1007/978-981-16-9447-9_5
