Mitigating Advanced Persistent Threats Using A Combined Static-Rule And Machine Learning-Based Technique

Abstract

Advanced Persistent Threat is a targeted attack method used to maintain undetected unauthorized access over an extended period to exfiltrate valuable data. The inability of traditional methods in mitigating this attack is a major problem, which poses huge threats to organizations. This paper proposes the combined use of pattern recognition and machine learning based techniques in militating the attack. Using basic statistical test approach, a dataset containing 1,047,908 PCAP instances is analyzed and results show patterns exist in identifying between malicious data traffic and normal data traffic. The machine learning on the other hand, is evaluated using three algorithms successfully: KNN, Decision Tree and Random Forest. All algorithms showed very high accuracies in correctly classifying the data traffic. Using the algorithm with the highest accuracy, Random Forest is optimized for better effectiveness.