
Detecting Advanced Persistent Threats Based on Entropy and Support Vector Machine

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 11337)

Abstract

Advanced Persistent Threats (APTs) have become a critical issue in high-security networks. Their tight focus on a chosen target, their disguise as ordinary activity and their multi-phase structure make them even harder to discover with traditional detection technologies. APTs continuously gather information and data from their targets, using a variety of exploits to penetrate the organization. Current threat-detection methods apply machine learning algorithms to statistical and behavioral characteristics of network traffic; the key problem in doing so is finding an appropriate feature vector to feed to the learner. This paper presents an entropy-based detection method using a support vector machine, aiming to identify the traffic that contains APT activity, so that the attack streams are confined to a small portion of the overall network traffic and become much easier to find in further analysis. The experimental results show that the proposed method distinguishes traffic containing APT streams from normal traffic more effectively and efficiently.
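The abstract describes the pipeline only at a high level: derive entropy-based features from network traffic, train a support vector machine on them, and use the classifier to shrink the volume of traffic that an analyst must inspect. The following Python program is an added illustration of that pipeline written for this page; it is not the authors' code, and the paper's actual feature definitions, dataset and SVM configuration are not reproduced here. Everything below is an assumption of the example: the flow records are constructed (RFC 5737 documentation addresses), the feature vector is the Shannon entropy of destination IP, destination port and payload size within a time window, and the SVM is a hinge-loss linear model trained with dual coordinate descent (Hsieh et al., 2008) so that the block runs with the standard library alone.

```python
"""Entropy features per traffic window, fed to a linear SVM.

Added example for this page, not the paper's code. Flow records are
constructed; the feature set and the solver are illustrative choices.
"""
import math
import random
from collections import Counter
from typing import Iterable, List, Sequence, Tuple

Flow = Tuple[str, int, int]  # (dst_ip, dst_port, payload_bytes)


def shannon_entropy(values: Iterable) -> float:
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    n = sum(counts.values())
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def window_features(flows: Sequence[Flow]) -> List[float]:
    """One feature vector per time window: three entropies plus a constant
    1.0 so the SVM bias is learned as an ordinary weight."""
    return [
        shannon_entropy(f[0] for f in flows),  # spread over contacted hosts
        shannon_entropy(f[1] for f in flows),  # spread over destination ports
        shannon_entropy(f[2] for f in flows),  # spread over payload sizes
        1.0,
    ]


def train_linear_svm(X, y, C: float = 10.0, passes: int = 500) -> List[float]:
    """Hinge-loss linear SVM, min 1/2||w||^2 + C*sum(hinge), trained by dual
    coordinate descent (Hsieh et al., 2008). Labels y are +1 / -1."""
    n, d = len(X), len(X[0])
    alpha = [0.0] * n
    w = [0.0] * d
    q = [sum(v * v for v in x) for x in X]  # Q_ii = x_i . x_i (>= 1, bias column)
    for _ in range(passes):
        for i in range(n):
            g = y[i] * sum(wk * xk for wk, xk in zip(w, X[i])) - 1.0
            # Projected gradient: skip when alpha_i sits at a bound of [0, C]
            # and the gradient would only push it further out of the box.
            if (alpha[i] == 0.0 and g >= 0.0) or (alpha[i] == C and g <= 0.0):
                continue
            new_alpha = min(max(alpha[i] - g / q[i], 0.0), C)
            delta = new_alpha - alpha[i]
            alpha[i] = new_alpha
            for k in range(d):
                w[k] += delta * y[i] * X[i][k]
    return w


def predict(w: Sequence[float], x: Sequence[float]) -> int:
    """+1 = ordinary traffic, -1 = low-entropy, beacon-like window."""
    return 1 if sum(wk * xk for wk, xk in zip(w, x)) >= 0.0 else -1


# ---- constructed sample traffic (not captured data) ----------------------
def make_windows(rng: random.Random, n_windows: int = 6, flows_per_window: int = 12):
    """Normal windows spread flows over several hosts, ports and sizes; the
    beacon windows mimic periodic C2 check-ins to one host on one port with a
    near-constant payload size. Hosts are RFC 5737 documentation addresses."""
    hosts = [f"198.51.100.{i}" for i in range(10, 16)]
    ports = [443, 80, 53, 993, 22]
    normal, beacon = [], []
    for _ in range(n_windows):
        normal.append([(rng.choice(hosts), rng.choice(ports), rng.randrange(64, 1500))
                       for _ in range(flows_per_window)])
        beacon.append([("203.0.113.7", 443, 512 + rng.choice([0, 0, 0, 4]))
                       for _ in range(flows_per_window)])
    return normal, beacon


def build_dataset(seed: int = 7):
    normal, beacon = make_windows(random.Random(seed))
    X = [window_features(win) for win in normal + beacon]
    y = [1] * len(normal) + [-1] * len(beacon)
    return X, y


def training_accuracy(seed: int = 7) -> float:
    X, y = build_dataset(seed)
    w = train_linear_svm(X, y)
    return sum(predict(w, x) == yi for x, yi in zip(X, y)) / len(y)


if __name__ == "__main__":
    X, y = build_dataset()
    w = train_linear_svm(X, y)
    for x, yi in zip(X, y):
        print(f"label={yi:+d} H_ip={x[0]:.2f} H_port={x[1]:.2f} "
              f"H_size={x[2]:.2f} -> predicted {predict(w, x):+d}")
```

Windows the classifier marks -1 are the "smaller range of network traffic" the abstract refers to: they are candidates for packet-level inspection, not verdicts. Two caveats apply to any entropy-only screen of this kind. Legitimate low-entropy traffic (NTP, keepalives, health checks to one endpoint) will land in the same corner of feature space as a beacon, so the flagged set needs a second stage. And an adversary who knows the features can raise them cheaply by jittering payload sizes or rotating ports and hosts, so the per-window entropies should be combined with other evidence rather than trusted on their own.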



Author information

Corresponding author

Correspondence to Jian Wang.


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Tan, J., Wang, J. (2018). Detecting Advanced Persistent Threats Based on Entropy and Support Vector Machine. In: Vaidya, J., Li, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2018. Lecture Notes in Computer Science, vol 11337. Springer, Cham. https://doi.org/10.1007/978-3-030-05063-4_13


  • DOI: https://doi.org/10.1007/978-3-030-05063-4_13


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05062-7

  • Online ISBN: 978-3-030-05063-4

  • eBook Packages: Computer Science (R0)
