Affiliation:
1. An-Najah National University
Abstract
Advanced Persistent Threats (APTs) have become a concern for many enterprise networks. An APT can remain undetected for a long time span and lead to undesirable consequences such as the theft of sensitive data and disrupted workflows. APTs often use evasion techniques to avoid detection by security systems such as Intrusion Detection Systems (IDS), Security Information and Event Management (SIEM) systems, or firewalls, which also makes it difficult to identify the root cause through forensic analysis. Therefore, companies try to identify APTs by defining rules on their IDS. However, besides the time and effort needed to iteratively refine those rules, new attacks cannot be detected this way. In this paper, we propose a framework to detect and conduct forensic analysis of APTs in HTTP and SMTP traffic. At the heart of the proposed framework is a detection algorithm driven by unsupervised machine learning. Experimental results on public datasets demonstrate the effectiveness of the proposed framework, with a detection rate above 80% and a false-positive rate below 5%.
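The abstract describes the pipeline only at a high level: per-host behaviour is profiled from HTTP traffic, scored without labels, and the result is reported as a detection rate and a false-positive rate. The following is an added example, not the paper's code, and the features and model are hypothetical stand-ins (robust median/MAD z-scores over three per-host features: inter-request timing regularity, concentration on one destination, and POST ratio) rather than the authors' method. The proxy log lines, host names and IP addresses are constructed for the example; ground-truth labels are used only for the final evaluation, never for scoring, which is what makes the scoring step unsupervised.

```python
"""Unsupervised per-host anomaly scoring over constructed HTTP proxy log lines,
followed by detection-rate / false-positive-rate evaluation.  Added example:
the paper's own features and model are not reproduced here."""
from collections import Counter, defaultdict
from statistics import median, pstdev

FEATURES = ("gap_cv", "top_dst_frac", "post_frac")
BASE_TS = 1_700_000_000

# Constructed hosts: (src_ip, gap_delta, destinations, methods), one character
# per request (destination letter -> "<letter>.example", G=GET, P=POST).
# Request gaps alternate 60-delta / 60+delta seconds, so delta 0 is a perfectly
# regular 60 s beacon.  10.0.0.9 is the constructed infected host.
HOST_SPECS = [
    ("10.0.0.1", 36, "abcad", "GGGPG"),
    ("10.0.0.2", 42, "aabac", "GGGGG"),
    ("10.0.0.3", 45, "bcdeb", "GPGGG"),
    ("10.0.0.4", 48, "ccdce", "GGGGG"),
    ("10.0.0.5", 51, "ddeda", "GGGGG"),
    ("10.0.0.6", 54, "eabec", "PGGGG"),
    ("10.0.0.7", 0, "a", "G"),          # single request: too little to profile
    ("10.0.0.9", 0, "zzzzz", "PPPPP"),  # beacon: same host, POST every 60 s
]
INFECTED = {"10.0.0.9"}  # ground truth, used only by evaluate()


def build_log_lines():
    """Emit constructed lines of the form '<epoch> <src_ip> <method> <dst_host> <path>'."""
    lines = []
    for i, (src, delta, dsts, methods) in enumerate(HOST_SPECS):
        ts = BASE_TS + 7 * i
        for n, (d, m) in enumerate(zip(dsts, methods)):
            method = "POST" if m == "P" else "GET"
            lines.append(f"{ts} {src} {method} {d}.example /index")
            ts += 60 - delta if n % 2 == 0 else 60 + delta
    return lines


def parse_line(line):
    ts, src, method, dst, _path = line.split(" ", 4)
    return int(ts), src, method, dst


def extract_features(lines, min_events=3):
    """Group requests by source host and derive one feature vector per host."""
    events = defaultdict(list)
    for line in lines:
        ts, src, method, dst = parse_line(line)
        events[src].append((ts, method, dst))
    feats = {}
    for src, evs in events.items():
        if len(evs) < min_events:
            continue  # no usable timing profile; leave the host unscored
        evs.sort()
        gaps = [b[0] - a[0] for a, b in zip(evs, evs[1:])]
        mean_gap = sum(gaps) / len(gaps)
        feats[src] = {
            # coefficient of variation of inter-request gaps: ~0 means beaconing
            "gap_cv": pstdev(gaps) / mean_gap if mean_gap > 0 else 0.0,
            "top_dst_frac": Counter(e[2] for e in evs).most_common(1)[0][1] / len(evs),
            "post_frac": sum(e[1] == "POST" for e in evs) / len(evs),
        }
    return feats


def robust_z(values):
    """Two-sided robust z-score: |x - median| / (1.4826 * MAD), no labels needed."""
    med = median(values)
    abs_dev = [abs(v - med) for v in values]
    mad = median(abs_dev)
    if mad == 0:  # degenerate spread (most hosts identical): fall back to mean abs dev
        mad = sum(abs_dev) / len(abs_dev) or 1e-9
    return [d / (1.4826 * mad) for d in abs_dev]


def score_hosts(feats, threshold=3.0):
    """Score = largest robust z over all features; flag hosts above threshold."""
    names = sorted(feats)
    scores = {n: 0.0 for n in names}
    for f in FEATURES:
        for n, z in zip(names, robust_z([feats[n][f] for n in names])):
            scores[n] = max(scores[n], z)
    return scores, {n for n in names if scores[n] > threshold}


def evaluate(flagged, scored_hosts, infected):
    """Detection rate over infected hosts, false-positive rate over benign ones."""
    benign = scored_hosts - infected
    dr = len(flagged & infected) / len(infected) if infected else 0.0
    fpr = len(flagged - infected) / len(benign) if benign else 0.0
    return dr, fpr


def run_pipeline(lines, threshold=3.0):
    feats = extract_features(lines)
    scores, flagged = score_hosts(feats, threshold)
    dr, fpr = evaluate(flagged, set(feats), INFECTED)
    return {"features": feats, "scores": scores, "flagged": flagged,
            "detection_rate": dr, "false_positive_rate": fpr}


LOG_LINES = build_log_lines()

if __name__ == "__main__":
    result = run_pipeline(LOG_LINES)
    for host, score in sorted(result["scores"].items()):
        print(f"{host:10} score={score:5.2f} {'FLAGGED' if host in result['flagged'] else ''}")
    print(f"DR={result['detection_rate']:.2f} FPR={result['false_positive_rate']:.2f}")
```

The median/MAD guard matters in practice: on a fleet where almost every host has the same value for a feature, the MAD collapses to zero and naive division would flag every slightly different host, which is exactly how an unsupervised detector ends up with a false-positive rate far above the 5% the abstract reports. Hosts with too few requests are left unscored rather than being given a "perfectly regular" zero-variance profile that would look like a beacon.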
Publisher
European Journal of Science and Technology
Subject
General Earth and Planetary Sciences, General Environmental Science
References (22 articles)
1. A. Benzekri, R. Laborde, A. Oglaza, D. Rammal, and F. Barrère, “Dynamic security management driven by situations: An exploratory analysis of logs for the identification of security situations,” in 2019 3rd Cyber Security in Networking Conference (CSNet), 2019, pp. 66–72.
2. (2015) Introduction to Cybercrime. [Online]. Available: interpol.int/en/Crimes/Cybercrime
3. Q. Zhang, H. Li, and J. Hu, “A study on security framework against advanced persistent threat,” in 2017 7th IEEE International Conference on Electronics Information and Emergency Communication (ICEIEC), 2017, pp. 128–131.
4. (2022) Advanced persistent threat (APT) attacks. [Online]. Available: https://www.cynet.com/advanced-persistent-threat-apt-attacks
5. M. Khosravi-Farmad, A. A. Ramaki, and A. G. Bafghi, “Moving target defense against advanced persistent threats for cybersecurity enhancement,” in 2018 8th International Conference on Computer and Knowledge Engineering (ICCKE), 2018, pp. 280–285.