Attribution Classification Method of APT Malware in IoT Using Machine Learning Techniques-Reference-Cited by-同舟云学术

Attribution Classification Method of APT Malware in IoT Using Machine Learning Techniques

Published:2021-09-06 Issue: Volume:2021 Page:1-12
ISSN:1939-0122
Container-title:Security and Communication Networks
language:en
Short-container-title:Security and Communication Networks

Author:

Li Shudong¹^ORCID,Zhang Qianqing¹^ORCID,Wu Xiaobo²^ORCID,Han Weihong¹^ORCID,Tian Zhihong¹^ORCID

Affiliation:

1. Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China

2. School of Computer Science and Cyber Engineering, Guangzhou University, Guangzhou 510006, China

Abstract

In recent years, the popularity of IoT (Internet of Things) applications and services has brought great convenience to people's lives, but ubiquitous IoT has also brought many security problems. Among them, advanced persistent threat (APT) is one of the most representative attacks, and its continuous outbreak has brought unprecedented security challenges for the large-scale deployment of the IoT. However, important research on analyzing the attribution of APT malware samples is still relatively few. Therefore, we propose a classification method for attribution organizations with APT malware in IoT using machine learning. It aims to mark the real attacking organization entities to better identify APT attack activity and protect the security of IoT. This method performs feature representation and feature selection based on APT behavior data obtained from devices in the Internet of Things and selects the features with a high degree of differentiation among organizations. Then, it trains a multiclass model named SMOTE-RF that can better deal with imbalance and multiclassification problems. Our experiments on real dynamic behavior data are combined to verify the effectiveness of the method proposed in this paper for attribution analysis of APT malware samples and achieve good performance. Our method could identify the organization behind complex APT attacks in IoT devices and services.

Funder

Key R D Program of Guangdong Province

Publisher

Hindawi Limited

Subject

Computer Networks and Communications,Information Systems

Link

http://downloads.hindawi.com/journals/scn/2021/9396141.pdf

Reference30 articles.

1. Security in Mobile Edge Caching with Reinforcement Learning

2. A novel solution for malicious code detection and family clustering based on machine learning;H. Yang

3. Advanced persistent threat attack detection: an overview;I. Ghafir;International Journal Of Advances In Computer Networks And Its Security,2014

4. Stuxnet, the real start of cyber warfare? [Editor's Note]

5. Advanced persistent threat organization identification based on software gene of malware

Cited by 50 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Novel Network Forensic Framework for Advanced Persistent Threat Attack Attribution Through Deep Learning;IEEE Transactions on Intelligent Transportation Systems;2024-09

2. APT Attack Detection Using Packet Flow and Optimized Ensemble Machine Learning with Low Time Complexity;2024 IEEE Symposium on Wireless Technology & Applications (ISWTA);2024-07-20

3. Developing a hybrid feature selection method to detect botnet attacks in IoT devices;Kuwait Journal of Science;2024-07

4. Research on APT Malware Detection Based on BERT-Transformer-TextCNN Modeling;Proceedings of the 2024 International Conference on Generative Artificial Intelligence and Information Security;2024-05-10

5. Research on deep-learning-based techniques for advanced persistent threat malware detection and attribution;Fourth International Conference on Sensors and Information Technology (ICSI 2024);2024-05-06