Abstract
An Advanced Persistent Threat (APT) is a malware-based attack on sensitive corporate and banking networks that remains undetected for a long time. In real corporate networks, identifying the presence of an intruder is a major challenge for security experts. Recent APT attacks such as Carbanak and The Big Bang have raised alarms globally. New methods of data exfiltration and evolving malware techniques are the two main reasons for the rapid and robust evolution of APTs. In this paper, we propose an APT detection system for real-time corporate and banking environments that uses Long Short-Term Memory (LSTM) neural networks to analyze large volumes of SIEM (Security Information and Event Management) system event logs.
© 2019 Springer Nature Singapore Pte Ltd.
Cite this paper
Sai Charan, P.V., Gireesh Kumar, T., Mohan Anand, P. (2019). Advance Persistent Threat Detection Using Long Short Term Memory (LSTM) Neural Networks. In: Somani, A., Ramakrishna, S., Chaudhary, A., Choudhary, C., Agarwal, B. (eds) Emerging Technologies in Computer Engineering: Microservices in Big Data Analytics. ICETCE 2019. Communications in Computer and Information Science, vol 985. Springer, Singapore. https://doi.org/10.1007/978-981-13-8300-7_5
DOI: https://doi.org/10.1007/978-981-13-8300-7_5
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-8299-4
Online ISBN: 978-981-13-8300-7