Advertisement

Detecting Advanced Persistent Threats Based on Entropy and Support Vector Machine

  • Jiayu Tan
  • Jian Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11337)

Abstract

Advanced Persistent Threats (APTs) have become the critical issue in high security network. The high pertinence, disguise and phasing make it even more ineffective to be discovered by traditional detection technologies. APTs continuously gather information and data from targeted objects, using various of exploits to penetrate the organization. The current threat detection methods take advantage of machine learning algorithm using statistical and behavioral characteristics of the network traffic. The key problem using machine learning algorithm is to find a appropriate feature vector to be fed into the learner. This paper presents an entropy-based detection using support vector machine, aiming to find the traffic containing APT attack, so that attacking stream will be restricted in a smaller range of network traffic which makes it much easier to be found in further analysis. The experimental results show that the proposed method can more effectively and efficiently distinguish the traffic containing ATP streams from the normal.

Keywords

Advanced persistent threats Machine learning Entropy Detection Traffic 

References

  1. 1.
    Barceló-Rico, F., Esparcia-Alcázar, A.I., Villalón-Huerta, A.: Semi-supervised classification system for the detection of advanced persistent threats. In: Abielmona, R., Falcon, R., Zincir-Heywood, N., Abbass, H.A. (eds.) Recent Advances in Computational Intelligence in Defense and Security. SCI, vol. 621, pp. 225–248. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-26450-9_9CrossRefGoogle Scholar
  2. 2.
    Bencsáth, B., Pék, G., Buttyán, L., Félegyházi, M.: Duqu: a stuxnet-like malware found in the wild. CrySyS Lab Tech. Rep. 14, 1–60 (2011)Google Scholar
  3. 3.
    Brewer, R.: Advanced persistent threats: minimising the damage. Netw. Secur. 2014(4), 5–9 (2014)CrossRefGoogle Scholar
  4. 4.
    Chien, E., O’Murchu, L., Falliere, N.: W32.Duqu: the precursor to the next stuxnet. In: LEET (2012)Google Scholar
  5. 5.
    Devi, S.R., Yogesh, P.: A hybrid approach to counter application layer DDoS attacks. Int. J. Crypt. Inf. Secur. (IJCIS) 2(2), 45 (2012)Google Scholar
  6. 6.
    Ferreira, D.C., Vázquez, F.I., Vormayr, G., Bachl, M., Zseby, T.: A meta-analysis approach for feature selection in network traffic research. In: Proceedings of the Reproducibility Workshop, pp. 17–20. ACM (2017)Google Scholar
  7. 7.
    Iglesias, F., Zseby, T.: Analysis of network traffic features for anomaly detection. Mach. Learn. 101(1–3), 59–84 (2015)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Lu, J., Zhang, X., Junfeng, W., Lingyun, Y.: APT traffic detection based on time transform. In: 2016 International Conference on Intelligent Transportation, Big Data & Smart City (ICITBS), pp. 9–13. IEEE (2016)Google Scholar
  9. 9.
    Marchetti, M., Pierazzi, F., Colajanni, M., Guido, A.: Analysis of high volumes of network traffic for advanced persistent threat detection. Comput. Netw. 109, 127–141 (2016)CrossRefGoogle Scholar
  10. 10.
    Marchetti, M., Pierazzi, F., Guido, A., Colajanni, M.: Countering advanced persistent threats through security intelligence and big data analytics. In: 2016 8th International Conference on Cyber Conflict (CyCon), pp. 243–261. IEEE (2016)Google Scholar
  11. 11.
    McAfee: Combating advanced persistent threats-how to prevent, detect, and remediate APTs (2011). www.write-angle.com/wp-content/uploads/2011/04/Combating-Advanced-Persistent-Threats.pdf
  12. 12.
    McClure, N.: Tensorflow machine learning cookbook (2017)Google Scholar
  13. 13.
    Ng, S., Bakhtiarib, M.: Advanced persistent threat detection based on network traffic noise pattern and analysis. J. Adv. Res. Comput. Appl. 21, 1–18 (2016)Google Scholar
  14. 14.
    Parkour, M.: Contagio malware database (2013). www.mediafire.com/folder/c2az029ch6cke/TRAFFIC_PATTERNS_COLLECTION
  15. 15.
    Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(3), 379–423 (1948)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Shick, D., Horneman, A.: Investigating advanced persistent threat 1 (APT1) (2014)Google Scholar
  17. 17.
    Siddiqui, S., Khan, M.S., Ferens, K., Kinsner, W.: Detecting advanced persistent threats using fractal dimension based machine learning classification. In: Proceedings of the 2016 ACM on International Workshop on Security and Privacy Analytics, pp. 64–69. ACM (2016)Google Scholar
  18. 18.
    Wang, X., Zheng, K., Niu, X., Wu, B., Wu, C.: Detection of command and control in advanced persistent threat based on independent access. In: 2016 IEEE International Conference on Communications (ICC), pp. 1–6. IEEE (2016)Google Scholar
  19. 19.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.College of Computer Science and TechnologyNanjing University of Aeronautics and AstronauticsNanjingChina

Personalised recommendations