BHU Digital Repository

Improved Detection of Advanced Persistent Threats Using an Anomaly Detection Ensemble Approach

dc.contributor.author ADELAIYE, Oluwasegun
dc.date.accessioned 2024-05-21T10:16:11Z
dc.date.available 2024-05-21T10:16:11Z
dc.date.issued 2021
dc.identifier.citation Adelaiye, O.I., Ajibola, A., Bisallah, H., Abiona, A.A. (2021) Improved Detection of Advanced Persistent Threats Using an Anomaly Detection Ensemble Approach. Advances in Science, Technology and Engineering Systems (ASTES) Journal, 6(2), 295-302 en_US
dc.identifier.issn 2415-6698
dc.identifier.uri http://localhost:8080/xmlui/handle/123456789/1257
dc.description.abstract Rated a high-risk cyber-attack type, the Advanced Persistent Threat (APT) has become a cause for concern to cyber security experts. Detecting the presence of an APT in order to mitigate the attack remains a major challenge, as successful attacks on large organizations still abound. Our approach combines static-rule anomaly detection through pattern recognition with a machine-learning-based classification technique to mitigate APTs. (1) The pattern-based rules are derived using statistical analysis, mainly the Kruskal-Wallis test for association. A packet capture (PCAP) dataset of 1,047,908 packet headers is analyzed to identify malicious versus normal traffic patterns: 90% of the attack traffic uses unassigned and dynamic/private ports and carries data sizes of between 0 and 58 bytes. (2) The machine-learning approach selects the algorithm by evaluating the accuracy of four candidates, K-Nearest Neighbor (KNN), Support Vector Machine (SVM), Decision Tree and Random Forest, which achieve 99.74, 87.11, 99.84 and 99.90 percent respectively. A load-balancing approach and a modified entropy formula were applied to Random Forest. The combined model reaches a minimum accuracy of 99.95% and gains the ability to detect false positives: the results of the two techniques are matched in order to make the final decision. The approach can be adopted easily, as it requires only packet header data, which is visible on every network, and it provides results with commendable accuracy while greatly reducing the false-positive problem. en_US
dc.description.sponsorship Self en_US
dc.language.iso en en_US
dc.publisher Advances in Science, Technology and Engineering Systems (ASTES) Journal en_US
dc.relation.ispartofseries Vol 6;No 2
dc.subject Anomaly detection en_US
dc.subject Traffic analysis en_US
dc.subject Packet capture en_US
dc.title Improved Detection of Advanced Persistent Threats Using an Anomaly Detection Ensemble Approach en_US
dc.type Article en_US
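The abstract describes a two-stage pipeline: a static rule on packet header fields (unassigned or dynamic/private port plus a payload of 0 to 58 bytes) and a classifier, with the two verdicts matched to reach a final decision. The following is an added illustration of that shape, not the authors' code and not trained on their PCAP dataset. It uses k-nearest neighbours (one of the four algorithms the abstract compares) as a stand-in for the Random Forest the paper finally selects, because a forest in pure Python would not fit here. The port allow-list, the feature scaling, the training rows and the "review" outcome on disagreement are all constructed assumptions for the demo.

```python
"""Two-stage packet-header anomaly detection (static rule + classifier), with
the final verdict taken by matching the two stages. Added illustration only;
the port allow-list, feature scaling and training rows are constructed."""
from collections import Counter
from dataclasses import dataclass
from math import sqrt
from typing import List, Optional, Tuple

# IANA ranges: 0-1023 system, 1024-49151 registered, 49152-65535 dynamic/private.
DYNAMIC_PRIVATE = range(49152, 65536)
# Assumption: ports this site treats as "assigned"; any other port counts as
# unassigned for the purpose of the static rule.
ASSIGNED_PORTS = {22, 25, 53, 80, 110, 123, 143, 443, 587, 993, 3389}
MAX_SUSPICIOUS_LEN = 58  # payload-size bound reported in the abstract


@dataclass(frozen=True)
class PacketHeader:
    src_port: int
    dst_port: int
    data_len: int                  # payload bytes carried by the packet
    label: Optional[str] = None    # "malicious"/"benign" on training rows only


def rule_stage(pkt: PacketHeader) -> str:
    """Static rule: the contacted port is dynamic/private or unassigned AND the
    payload is 0..58 bytes. Assumption: only dst_port is inspected, so an
    ephemeral client source port does not trip the rule by itself."""
    odd_port = pkt.dst_port in DYNAMIC_PRIVATE or pkt.dst_port not in ASSIGNED_PORTS
    if odd_port and 0 <= pkt.data_len <= MAX_SUSPICIOUS_LEN:
        return "malicious"
    return "benign"


def _features(pkt: PacketHeader) -> Tuple[float, float, float]:
    # Scale each header field into [0, 1] so no field dominates the distance
    # (assumed scaling; 1500 is the usual Ethernet MTU).
    return (pkt.src_port / 65535, pkt.dst_port / 65535, min(pkt.data_len, 1500) / 1500)


def knn_stage(pkt: PacketHeader, training: List[PacketHeader], k: int = 3) -> str:
    """Majority vote of the k nearest labelled training rows (Euclidean
    distance over the scaled header features)."""
    fx = _features(pkt)
    ranked = sorted(training,
                    key=lambda t: sqrt(sum((a - b) ** 2 for a, b in zip(fx, _features(t)))))
    votes = Counter(t.label for t in ranked[:k])
    return votes.most_common(1)[0][0]


def ensemble_verdict(pkt: PacketHeader, training: List[PacketHeader], k: int = 3) -> str:
    """Match the two stages: agreement is the verdict; disagreement is returned
    as "review", so a rule hit the classifier does not confirm is handled as a
    probable false positive rather than raised as an alert (assumed policy)."""
    rule, ml = rule_stage(pkt), knn_stage(pkt, training, k)
    return rule if rule == ml else "review"


# Constructed training rows (not real capture data).
TRAINING = [
    PacketHeader(52000, 443, 1200, "benign"),    # HTTPS request
    PacketHeader(52100, 80, 900, "benign"),      # HTTP request
    PacketHeader(52200, 53, 45, "benign"),       # DNS query
    PacketHeader(52300, 443, 0, "benign"),       # bare TCP ACK
    PacketHeader(443, 52000, 1400, "benign"),    # HTTPS response
    PacketHeader(52400, 8080, 700, "benign"),    # HTTP-alt request
    PacketHeader(52600, 8080, 0, "benign"),      # HTTP-alt ACK
    PacketHeader(52700, 8080, 20, "benign"),     # HTTP-alt keep-alive
    PacketHeader(50000, 4444, 0, "malicious"),   # reverse-shell port
    PacketHeader(50500, 6667, 24, "malicious"),  # IRC-style C2 beacon
    PacketHeader(51000, 31337, 12, "malicious"),
    PacketHeader(49900, 50000, 58, "malicious"),
    PacketHeader(50200, 8888, 30, "malicious"),
]


def classify_all(packets: List[PacketHeader], training: List[PacketHeader] = TRAINING,
                 k: int = 3) -> List[Tuple[PacketHeader, str]]:
    return [(pkt, ensemble_verdict(pkt, training, k)) for pkt in packets]


if __name__ == "__main__":
    samples = [PacketHeader(51234, 31337, 12),   # both stages: malicious
               PacketHeader(52400, 443, 0),      # both stages: benign
               PacketHeader(52500, 8080, 0)]     # rule fires, KNN says benign -> review
    for pkt, verdict in classify_all(samples):
        print(f"{pkt.src_port:>5} -> {pkt.dst_port:<5} len={pkt.data_len:<4} "
              f"rule={rule_stage(pkt):<9} knn={knn_stage(pkt, TRAINING):<9} final={verdict}")
```

The third sample is the case the abstract's matching step exists for: a zero-length segment to an unlisted port trips the static rule, but the classifier has seen enough benign traffic on that port to vote the other way, so the packet goes to review instead of being alerted on. In practice the allow-list and the training set should come from the site's own baseline traffic, and the classifier should be the better-performing model the paper settles on rather than this KNN stand-in.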