Advance Persistent Threat Detection Using Long Short Term Memory (LSTM) Neural Networks

  • P. V. Sai CharanEmail author
  • T. Gireesh Kumar
  • P. Mohan Anand
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 985)


Advance Persistent Threat (APT) is a malware attack on sensitive corporate, banking networks and stays there for a long time undetected. In real time corporate networks, identifying the presence of intruder is a big challenging task to security experts. Recent APT attacks like Carbanak and The Big Bang ringing alarms globally. New methods for data exfiltration and evolving malware techniques are two main reasons for rapid and robust APT evolution. In this paper, we propose a method for APT detection System for real time corporate and banking organizations by using Long Short Term Memory (LSTM) Neural networks in order to analyze huge amount of SIEM (Security Information and Event Management) system event logs.


LSTM APT Hadoop Splunk Hive 


  1. 1.
    Kaspersky Lab: The Great Bank Robbery: The Carbanak APT (Detailed Investigation Report) (2015).
  2. 2.
  3. 3.
    Messaoud, B.I.D., et al.: Advanced persistent threat: new analysis driven by life cycle phases and their challenges. In: International Conference on Advanced Communication Systems and Information Security (ACOSIS). IEEE (2016)Google Scholar
  4. 4.
    DeepLocker: How AI Can Power a Stealthy New Breed of Malware (2018).
  5. 5.
    Kharitonov, D., Ibatullin, O.: Extended security risks in IP networks. arXiv preprint arXiv:1309.5997 (2013)
  6. 6.
  7. 7.
  8. 8.
    Marchetti, M., et al.: Analysis of high volumes of network traffic for advanced persistent threat detection. Comput. Netw. 109, 127–141 (2016)CrossRefGoogle Scholar
  9. 9.
    Zhao, G., et al.: Detecting APT malware infections based on malicious DNS and traffic analysis. IEEE Access 3, 1132–1142 (2015)CrossRefGoogle Scholar
  10. 10.
    Kayacik, H.G., et al.: Detecting Anomalous Hypertext Transfer Protocol (HTTP) Events from Semi-Structured Data. U.S. Patent Application No. 15/420,560Google Scholar
  11. 11.
    Sai Charan, P.V.: Abnormal user pattern detection using semi-structured server log file analysis. In: Satapathy, S.C., Bhateja, V., Das, S. (eds.) Smart Intelligent Computing and Applications. SIST, vol. 104, pp. 97–105. Springer, Singapore (2019). Scholar
  12. 12.
    Rot, A., Olszewski, B.: Advanced persistent threats attacks in cyberspace. Threats, vulnerabilities, methods of protection. In: 2017 Federated Conference on Computer Science and Information Systems, vol. 13 (2017)Google Scholar
  13. 13.
    Brickell, E.F., et al.: Method of improving computer security through sandboxing. U.S. Patent No. 7,908,653, 15 March 2011Google Scholar
  14. 14.
  15. 15.
  16. 16.
    Jasek, R., Kolarik, M., Vymola, T.: APT detection system using honeypots. In: Proceedings of the 13th International Conference on Applied Informatics and Communications (AIC 2013), WSEAS Press (2013)Google Scholar
  17. 17.
    Ali, P.D., Gireesh Kumar, T.: Malware capturing and detection in dionaea honeypot. In: 2017 Innovations in Power and Advanced Computing Technologies (i-PACT). IEEE (2017)Google Scholar
  18. 18.
    Anastasov, I.: DancoDavcev.: SIEM implementation for global and distributed environments. In: 2014 World Congress on Computer Applications and Information Systems (WCCAIS). IEEE (2014)Google Scholar
  19. 19.
  20. 20.
  21. 21.
    Armour, D.J., Kalki, J.: Determining computer system usage from logged events. U.S. Patent No. 8,185,353, 22 May 2012Google Scholar
  22. 22.
    Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)CrossRefGoogle Scholar
  23. 23.
    Hochreiter, S., Schmidhuber, J.: LSTM can solve hard long time lag problems. In: Advances in Neural Information Processing Systems (1997)Google Scholar
  24. 24.
    Ma, X., et al.: Long short-term memory neural network for traffic speed prediction using remote microwave sensor data. Transp. Res. Part C: Emerg. Technol. 54, 187–197 (2015)CrossRefGoogle Scholar
  25. 25.

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • P. V. Sai Charan
    • 1
    Email author
  • T. Gireesh Kumar
    • 1
  • P. Mohan Anand
    • 1
  1. 1.TIFAC-CORE in Cyber Security, Amrita school of Engineering, Amrita Vishwa Vidyapeetham, Amrita UniversityCoimbatoreIndia

Personalised recommendations