Research area: Safety
Conference: International Conference on Information Technology-New Generations
Due to the elusive and persistent nature of the attacks, the detection of Advanced Persistent Threats (APTs) in cybersecurity is an important issue. Using behavioral analysis and anomaly detection methods, this study proposes a revolutionary machine learning (ML) strategy for spotting APTs. This hybrid approach, which employs decision trees for classification and autoencoders for anomaly detection, combines both supervised and unsupervised learning strategies. These two approaches enable better detection of suspicious patterns and non-standard network activities. To train and test the model, this work uses a cybersecurity dataset that includes system logs and network traffic. The dataset covers a wide range of attack scenarios, from zero-day vulnerabilities to insider threats. In comparison to more standard ML techniques, these findings show that the hybrid model achieves a good accuracy rate while reducing false positives. Important signs for early APT detection include traffic spikes, unusual authentication attempts, and lateral movement; this work also performs a thorough study of feature significance to discover them. This method has tremendous promise for complicated network situations where real-time APT monitoring and mitigation are necessary.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Publication country | Andorra, India |
| Site | Springer |