Abstract
Advanced Persistent Threats (APTs) have become a critical issue for high-security networks. Their narrow targeting, disguise and staged execution make them difficult to discover with traditional detection technologies. APTs continuously gather information and data from their targets, using a variety of exploits to penetrate the organization. Current threat detection methods apply machine learning algorithms to statistical and behavioral characteristics of network traffic. The key problem in using a machine learning algorithm is to find an appropriate feature vector to feed into the learner. This paper presents an entropy-based detection method using a support vector machine that aims to find the traffic containing an APT attack, so that the attack stream is confined to a smaller range of network traffic and becomes much easier to find in further analysis. The experimental results show that the proposed method distinguishes traffic containing APT streams from normal traffic more effectively and efficiently.
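The pipeline the abstract describes, entropy-derived features computed over traffic windows and fed to a support vector machine, as an added example in pure Python. This is not code from the paper: the particular features (entropy of destination IPs, destination ports and packet sizes, plus payload byte entropy), the Pegasos training routine, the class labels and the sample traffic windows are all assumptions for illustration; the paper's own feature vector, classifier settings and dataset are not given on this page.

```python
"""Entropy feature vectors over traffic windows, classified with a linear SVM.

Added example: the feature set, training method and sample traffic below are
assumptions for illustration, not the feature set or dataset of the paper.
"""
import math
import random
from collections import Counter


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def entropy_features(packets):
    """Map one traffic window to an entropy feature vector.

    `packets` is a list of (dst_ip, dst_port, size_bytes, payload) tuples.
    Assumed feature set: entropy of destination IPs, destination ports and
    packet sizes (each divided by log2(window length), so 0 = constant and
    1 = all distinct) plus payload byte entropy divided by 8 bits.
    A trailing constant 1.0 lets the SVM learn its bias as a weight.
    """
    n = len(packets)
    scale = math.log2(n) if n > 1 else 1.0
    payload = b"".join(p[3] for p in packets)
    return [
        shannon_entropy([p[0] for p in packets]) / scale,
        shannon_entropy([p[1] for p in packets]) / scale,
        shannon_entropy([p[2] for p in packets]) / scale,
        shannon_entropy(list(payload)) / 8.0,
        1.0,
    ]


def train_linear_svm(X, y, lam=0.01, epochs=100, seed=0):
    """Primal linear SVM trained with the Pegasos stochastic subgradient method.
    Minimises lam/2 * ||w||^2 + mean hinge loss; labels y are +1 / -1."""
    rng = random.Random(seed)
    w = [0.0] * len(X[0])
    order = list(range(len(X)))
    t = 0
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            t += 1
            eta = 1.0 / (lam * t)
            margin = y[i] * sum(wj * xj for wj, xj in zip(w, X[i]))
            w = [(1.0 - eta * lam) * wj for wj in w]           # regularisation shrink
            if margin < 1.0:                                   # hinge-loss subgradient
                w = [wj + eta * y[i] * xj for wj, xj in zip(w, X[i])]
    return w


def predict(w, x):
    """+1 = flag the window for analyst follow-up, -1 = treat as normal."""
    return 1 if sum(wj * xj for wj, xj in zip(w, x)) >= 0.0 else -1


# --- constructed sample traffic (synthetic, not captured data) ----------------

def make_normal_window(rng, n=40):
    """Browsing-like window: many destinations, a few ports, varied sizes, text payload."""
    text = b"GET /index.html HTTP/1.1\r\nHost: example.net\r\n"
    return [(f"93.184.{rng.randint(1, 20)}.{rng.randint(1, 254)}",
             rng.choice([80, 443, 443, 53]),
             rng.randint(60, 1500),
             bytes(rng.choice(text) for _ in range(32)))
            for _ in range(n)]


def make_beacon_window(rng, n=40):
    """C2 beacon-like window: one destination, one port, fixed size, random-looking payload."""
    return [("198.51.100.7", 443, 512, bytes(rng.getrandbits(8) for _ in range(32)))
            for _ in range(n)]


def build_dataset(seed, per_class):
    """Alternating normal (-1) and beacon (+1) windows from a seeded generator."""
    rng = random.Random(seed)
    X, y = [], []
    for _ in range(per_class):
        X.append(entropy_features(make_normal_window(rng))); y.append(-1)
        X.append(entropy_features(make_beacon_window(rng))); y.append(+1)
    return X, y


def demo_accuracy():
    """Train on one constructed set and return accuracy on a held-out one."""
    X_train, y_train = build_dataset(seed=1, per_class=20)
    X_test, y_test = build_dataset(seed=2, per_class=10)
    w = train_linear_svm(X_train, y_train)
    hits = sum(predict(w, x) == label for x, label in zip(X_test, y_test))
    return hits / len(X_test)


if __name__ == "__main__":
    print("held-out accuracy:", demo_accuracy())
```

The value of this stage is triage, as the abstract says: the windows the SVM flags are a small subset handed to deeper analysis, not a verdict. Two practitioner caveats apply to any entropy feature set. First, the normalisation by log2(window length) matters, because raw entropy grows with window size and a classifier trained on one window length will not transfer to another. Second, these features are cheap for an adversary to shape: a C2 channel that rotates destinations and ports, pads packets to varied sizes, or encodes its payload as text will look much closer to the browsing class, so entropy features belong in front of, not instead of, content and behaviour analysis.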
© 2018 Springer Nature Switzerland AG
Cite this paper
Tan, J., Wang, J. (2018). Detecting Advanced Persistent Threats Based on Entropy and Support Vector Machine. In: Vaidya, J., Li, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2018. Lecture Notes in Computer Science(), vol 11337. Springer, Cham. https://doi.org/10.1007/978-3-030-05063-4_13
DOI: https://doi.org/10.1007/978-3-030-05063-4_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05062-7
Online ISBN: 978-3-030-05063-4