Feasibility Approach Based on SecMonet Framework to Protect Networks from Advanced Persistent Threat Attacks

  • Maher Salem
  • Moayyad Mohammed
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 29)


An Advanced Persistent Threat (APT) principally steals data once the attacker has gained unauthorized access to network resources. In this paper, we propose a detection and defense technique based on the SecMonet framework to counter this sophisticated attack. SecMonet is a security framework that gathers events and flows, normalizes them, builds a valuable dataset, trains a neural-network-based classifier, and detects and defends against APT attacks. To this end, SecMonet takes log data from logging servers or firewalls as input. In addition, the classifier applies a ranking criterion to the detected suspicious activities in order to identify an APT attack. The proposed method has been evaluated on a locally simulated network and in a real network scenario. The results show that the proposed technique detects APT attacks effectively.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Department of Computer Information and Sciences, Higher Colleges of Technology, Al Ain, United Arab Emirates
