
DTB-IDS: an intrusion detection system based on decision tree using behavior analysis for preventing APT attacks

The Journal of Supercomputing

Abstract

With the rapid growth of communications and networks, cyber-attacks using malicious code have emerged over the last few years as a new paradigm in the information security area. In particular, advanced persistent threat (APT) attacks are raising major social issues. An APT attack uses social engineering methods to target various systems for intrusion. It breaks down the security of the target system to leak information or to destroy the system, inflicting monetary damage on the target. APT attacks use relatively simple techniques such as spear phishing during the initial intrusion, but after that intrusion a back door is created through which information is leaked over the long term, and the malicious code spreads by analyzing the internal network. In this paper, we propose an intrusion detection system based on a decision tree that analyzes behavior information to detect APT attacks that change intelligently after intruding into a system. Furthermore, it can detect the possibility of an initial intrusion and minimize the extent of the damage by responding quickly to APT attacks.



Acknowledgments

This work was supported by Institute for Information and communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (No. B0101-15-1293, Cyber targeted attack recognition and trace-back technology based on long-term historic analysis of multi-source data)

Author information

Corresponding author: Jong Hyuk Park.

Ethics declarations

Conflict of interest

The authors declare that there is no conflict of interests regarding the publication of this paper.


About this article


Cite this article

Moon, D., Im, H., Kim, I. et al. DTB-IDS: an intrusion detection system based on decision tree using behavior analysis for preventing APT attacks. J Supercomput 73, 2881–2895 (2017). https://doi.org/10.1007/s11227-015-1604-8
