SLF-ADM: Securing Linux frontiers: Advanced persistent threat (APT) detection using machine learning


Research area: Safety



Venue: Neural Computing and Applications


Abstract

Cyber warfare has reached its peak, and the most dangerous threat to any country, state or organization in the cyber attack space is the Advanced Persistent Threat (APT), because of its nature, intention and impact. These attack campaigns are sophisticated and complex enough to evade easy detection, especially in the Linux environment on which most back-end technologies and supercomputers are based. There is no proper solution for detecting and predicting these sophisticated attack campaigns. This article presents a novel machine learning approach that combines FastText embeddings with a support vector machine (SVM) classifier for rapid and systematic APT attack detection and prediction. The dataset used in the study was developed by simulating several recent APTs and executing their payloads in a Linux environment, so that the campaigns can be effectively analysed, detected and predicted. Following the APT life cycle, each stage has different characteristics and observable paths, and these are taken into consideration in the selected dataset. Using the proposed methodology, four ML models are trained and tested for accuracy. The maximum prediction accuracy of 96% was achieved by the SVM. The results are also compared with other machine learning models on the same dataset. The experiments show that the SVM performed significantly better than the other proposed models.


Authors

Syed Sohaib Karim
Department of Information Security, National University of Sciences and Technology (NUST), Islamabad 44000, Pakistan

Mehreen Afzal
Department of Information Security, National University of Sciences and Technology (NUST), Islamabad 44000, Pakistan

Waseem Iqbal
Department of Information Security, National University of Sciences and Technology (NUST), Islamabad 44000, Pakistan

Paper information

Publication year: 2025
Citations: 0
Publishing country: Andorra, Albania
Site: Springer
Likes: 0

Related papers (428)