Advance Persistent Threat Detection Using Long Short Term Memory (LSTM) Neural Networks

  • Conference paper
  • Emerging Technologies in Computer Engineering: Microservices in Big Data Analytics (ICETCE 2019)

Abstract

An Advanced Persistent Threat (APT) is a malware attack on sensitive corporate and banking networks that remains undetected for a long time. In real-time corporate networks, identifying the presence of an intruder is a major challenge for security experts. Recent APT attacks such as Carbanak and The Big Bang have raised alarms globally. New methods for data exfiltration and evolving malware techniques are the two main reasons for the rapid and robust evolution of APTs. In this paper, we propose an APT detection system for real-time corporate and banking organizations that uses Long Short-Term Memory (LSTM) neural networks to analyze large volumes of SIEM (Security Information and Event Management) system event logs.


Author information

Corresponding author: P. V. Sai Charan

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Sai Charan, P.V., Gireesh Kumar, T., Mohan Anand, P. (2019). Advance Persistent Threat Detection Using Long Short Term Memory (LSTM) Neural Networks. In: Somani, A., Ramakrishna, S., Chaudhary, A., Choudhary, C., Agarwal, B. (eds) Emerging Technologies in Computer Engineering: Microservices in Big Data Analytics. ICETCE 2019. Communications in Computer and Information Science, vol 985. Springer, Singapore. https://doi.org/10.1007/978-981-13-8300-7_5

  • DOI: https://doi.org/10.1007/978-981-13-8300-7_5

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-8299-4

  • Online ISBN: 978-981-13-8300-7
