Please use this identifier to cite or link to this item: http://localhost:8080/xmlui/handle/123456789/1257
Full metadata record
DC Field | Value | Language
dc.contributor.author | ADELAIYE, Oluwasegun | -
dc.date.accessioned | 2024-05-21T10:16:11Z | -
dc.date.available | 2024-05-21T10:16:11Z | -
dc.date.issued | 2021 | -
dc.identifier.citation | Adelaiye, O.I., Ajibola, A., Bisallah, H., Abiona, A.A. (2021) Improved Detection of Advanced Persistent Threats Using an Anomaly Detection Ensemble Approach. Advances in Science, Technology and Engineering Systems (ASTES) Journal, 6(2), 295-302 | en_US
dc.identifier.issn | 2415-6698 | -
dc.identifier.uri | http://localhost:8080/xmlui/handle/123456789/1257 | -
dc.description.abstract | Rated a high-risk cyber-attack type, the Advanced Persistent Threat (APT) has become a cause for concern to cyber security experts. Detecting the presence of an APT in order to mitigate the attack has been a major challenge, as successful attacks on large organizations still abound. Our approach combines static-rule anomaly detection through pattern recognition with a machine-learning-based classification technique to mitigate APTs. (1) The pattern-based rules are derived using statistical analysis, mainly the Kruskal-Wallis test for association. A Packet Capture (PCAP) dataset with 1,047,908 packet-header records is analyzed in an attempt to identify malicious versus normal traffic patterns. 90% of the attack traffic utilizes unassigned and dynamic/private ports, and also data sizes of between 0 and 58 bytes. (2) The machine-learning approach narrows down the algorithm to be used by evaluating the accuracy of four algorithms: K-Nearest Neighbor (KNN), Support Vector Machine (SVM), Decision Tree and Random Forest, with accuracies of 99.74, 87.11, 99.84 and 99.90 percent respectively. A load balance approach and a modified entropy formula were applied to Random Forest. The model combines the two techniques, giving it a minimum accuracy of 99.95% with the added capability of detecting false positives. The results of the two methods are matched in order to make a final decision. This approach can be easily adopted, as the data required is packet-header data, visible in every network; it provides results with commendable levels of accuracy, and the challenge of false positives is greatly reduced. | en_US
dc.description.sponsorship | Self | en_US
dc.language.iso | en | en_US
dc.publisher | Advances in Science, Technology and Engineering Systems (ASTES) Journal | en_US
dc.relation.ispartofseries | Vol 6; No 2 | -
dc.subject | Anomaly detection | en_US
dc.subject | Traffic analysis | en_US
dc.subject | Packet capture | en_US
dc.title | Improved Detection of Advanced Persistent Threats Using an Anomaly Detection Ensemble Approach | en_US
dc.type | Article | en_US
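The abstract describes a two-stage ensemble: static header rules (unassigned or dynamic/private ports, payload size 0-58 bytes) derived with the Kruskal-Wallis test, a classifier score, and a final decision made by matching the two verdicts. The following Python is an added illustration of that scheme and is not the paper's code. It assumes a short hand-written list of assigned ports in place of the IANA registry, applies the port rule to the destination port (the abstract does not say which port field was used), and stands in for the Random Forest output with a constructed per-packet score; the packet records are constructed sample data, not the paper's PCAP dataset.

```python
"""Added example of rule + classifier matching for APT detection on packet headers.
Not the paper's code; sample packets and ml_score values are constructed."""
from collections import namedtuple

# ml_score stands in for the classifier's (the paper: Random Forest) attack probability.
Packet = namedtuple("Packet", "src_port dst_port size label ml_score")

# Constructed sample packet headers (labels and scores invented for the example).
SAMPLE = [
    Packet(51234, 443, 1460, "normal", 0.02),
    Packet(51235, 80, 512, "normal", 0.05),
    Packet(51236, 22, 320, "normal", 0.72),    # classifier fires, rules do not
    Packet(51237, 25, 1024, "normal", 0.08),
    Packet(51238, 443, 1460, "normal", 0.01),
    Packet(51239, 993, 1500, "normal", 0.04),
    Packet(44444, 4444, 40, "attack", 0.97),
    Packet(44445, 55555, 0, "attack", 0.91),
    Packet(44446, 60000, 52, "attack", 0.88),
    Packet(44447, 8080, 58, "attack", 0.35),   # rules fire, classifier does not
    Packet(44448, 49152, 44, "attack", 0.93),
    Packet(44449, 443, 40, "attack", 0.95),    # assigned port: rules miss it
]

# IANA port ranges (RFC 6335): 0-1023 system, 1024-49151 user, 49152-65535 dynamic/private.
DYNAMIC_MIN = 49152
# Assumed short list of assigned ports; a deployment would load the IANA service-name registry.
ASSIGNED = {20, 21, 22, 23, 25, 53, 80, 110, 123, 143, 443, 993, 995, 3389}


def port_unassigned_or_dynamic(port):
    return port >= DYNAMIC_MIN or port not in ASSIGNED


def rule_anomalous(pkt):
    """Stage 1: both header rules from the abstract must fire.
    Using the destination port is an assumption of this example."""
    return port_unassigned_or_dynamic(pkt.dst_port) and 0 <= pkt.size <= 58


def kruskal_wallis_h(groups):
    """Kruskal-Wallis H statistic (average ranks for ties, with tie correction).
    Used here to check that packet size differs between the attack and normal groups;
    with k groups the statistic is compared against chi-square with k-1 degrees of freedom."""
    pooled = sorted((v, g) for g, vals in enumerate(groups) for v in vals)
    n_total = len(pooled)
    rank_sum = [0.0] * len(groups)
    tie_term = 0
    i = 0
    while i < n_total:
        j = i
        while j < n_total and pooled[j][0] == pooled[i][0]:
            j += 1
        avg_rank = (i + 1 + j) / 2          # 1-based ranks i+1 .. j share one average rank
        t = j - i
        tie_term += t ** 3 - t
        for k in range(i, j):
            rank_sum[pooled[k][1]] += avg_rank
        i = j
    h = 12.0 / (n_total * (n_total + 1)) * sum(
        r * r / len(g) for r, g in zip(rank_sum, groups)) - 3 * (n_total + 1)
    correction = 1 - tie_term / (n_total ** 3 - n_total)
    return h / correction if correction else h


def final_decision(pkt, threshold=0.5):
    """Stage 3: match the rule verdict against the classifier verdict.
    Agreement gives a firm decision; disagreement is routed for analyst review,
    which is where this ensemble surfaces likely false positives (and misses)."""
    rules = rule_anomalous(pkt)
    ml = pkt.ml_score >= threshold
    if rules and ml:
        return "attack"
    if not rules and not ml:
        return "normal"
    return "review"


def summarize(packets):
    """Decision counts plus the share of labelled attack packets the static rules catch."""
    counts = {"attack": 0, "normal": 0, "review": 0}
    for p in packets:
        counts[final_decision(p)] += 1
    attacks = [p for p in packets if p.label == "attack"]
    counts["rule_hit_rate_on_attacks"] = sum(rule_anomalous(p) for p in attacks) / len(attacks)
    return counts


if __name__ == "__main__":
    sizes = [[p.size for p in SAMPLE if p.label == "attack"],
             [p.size for p in SAMPLE if p.label == "normal"]]
    print("Kruskal-Wallis H (size vs label): %.3f; chi-square 1 df, 5%% critical value 3.841"
          % kruskal_wallis_h(sizes))
    for p in SAMPLE:
        print(p.dst_port, p.size, p.label, p.ml_score, "->", final_decision(p))
    print(summarize(SAMPLE))
```

The disagreement bucket is the practical point: a rule-only pipeline would raise the packet to port 8080 and miss the one to port 443, while a classifier-only pipeline would do the reverse, and the packet to port 22 with a high score would be a plain false positive. Matching the two verdicts turns each of those into a review item instead of a silent error.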
Appears in Collections:Research Articles

Files in This Item:
File | Description | Size | Format
ASTESJ_060234.pdf | | 369.94 kB | Adobe PDF
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.