Abstract

In recent years, extensive research has been conducted on defending against Advanced Persistent Threat (APT) attacks. However, most existing defence solutions can only identify and temporarily disrupt cyber attacks, seeking to deny the threat access to the intranet, and it is difficult to defend against APT attacks this way. Attributing the APT organization is an excellent complement to the existing defence solutions: it not only can expose the attacker's true identity, but also provides evidence to bring the attacker to justice. However, research on attributing APT organizations is still scarce, and it poses complex tasks because APT attacks are highly targeted, stealthy, persistent and organized. To address this question, we propose a Particle Swarm Optimization Multiclass Support Vector Machine (PSO-MSVM) approach to identify the organization behind complex APT attacks automatically. Firstly, we collected a large amount of data on the traces of APT attack tools executed in a sandbox, and selected the data closely related to APT organizations to construct the feature set. Secondly, based on the strategy of keeping the personal best (pbest) and global best (gbest) particles in the particle swarm algorithm away from the fitness values generated by misclassification information as they move, the particle positions are updated frequently to eventually obtain the optimal parameters (i.e., the penalty parameter $C$ and the sigma parameter $\sigma$) for the MSVM, thus enabling the MSVM technique to accurately identify APT organizations. The results obtained with the PSO-MSVM approach showed the superiority of this technique on three different measures, accuracy, precision and F1, compared with six other classical methods.
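The PSO-MSVM loop described in the abstract, as an added example that is not the paper's own code: particles move through (C, sigma) space, a particle's fitness is the held-out misclassification rate of an RBF one-vs-rest multiclass SVM trained with that particle's parameters, and the pbest/gbest records pull the swarm toward parameters that misclassify less. The sandbox-trace feature vectors, group labels, search bounds and swarm settings are constructed for the example, and the SVM is fitted with a kernelised Pegasos solver as a stand-in for whatever solver the paper uses.

```python
import math, random

# Constructed sample data (not from the paper): one row per sandboxed APT tool run,
# e.g. counts of registry writes, outbound connections and injected processes,
# labelled with the group (0, 1 or 2) behind the tool. Centres and noise are made up.
_rng = random.Random(7)
_CENTRES = [(2.0, 1.0, 0.5), (6.0, 5.0, 1.0), (1.5, 6.5, 4.0)]
DATA = [([c + _rng.gauss(0, 0.7) for c in _CENTRES[g]], g)
        for g in range(3) for _ in range(20)]
TRAIN, TEST = DATA[::2], DATA[1::2]            # fixed train / held-out split
def rbf(a, b, sigma):                          # RBF kernel; sigma is PSO-tuned
    return math.exp(-sum((x - y) ** 2 for x, y in zip(a, b)) / (2 * sigma ** 2))
def train_msvm(C, sigma, epochs=5):            # one-vs-rest SVM via kernelised Pegasos
    X, labels = [x for x, _ in TRAIN], [l for _, l in TRAIN]
    n, lam = len(X), 1.0 / (C * len(X))        # lam is the Pegasos form of 1/C
    K = [[rbf(a, b, sigma) for b in X] for a in X]
    models = {}
    for cls in sorted(set(labels)):
        y = [1 if l == cls else -1 for l in labels]
        alpha = [0] * n
        for t, i in enumerate(list(range(n)) * epochs, 1):   # step size 1/(lam*t)
            if y[i] * sum(alpha[j] * y[j] * K[i][j] for j in range(n)) < lam * t:
                alpha[i] += 1                   # margin violated: add point i
        models[cls] = (alpha, y, lam * t)
    def predict(x):                             # class with the highest decision value
        k = [rbf(x, xj, sigma) for xj in X]
        return max(models, key=lambda c: sum(a * yj * kj for a, yj, kj in zip(
            models[c][0], models[c][1], k)) / models[c][2])
    return predict
def error_rate(C, sigma):                      # PSO fitness: held-out misclassification rate
    predict = train_msvm(C, sigma)
    return sum(predict(x) != l for x, l in TEST) / len(TEST)
def pso_tune(particles=6, iters=6, seed=1):   # search (log2 C, log2 sigma) with PSO
    rng, lo, hi = random.Random(seed), (-2.0, -2.0), (4.0, 2.0)
    pos = [[rng.uniform(lo[d], hi[d]) for d in range(2)] for _ in range(particles)]
    vel = [[0.0, 0.0] for _ in range(particles)]
    pbest, pbest_f = [list(p) for p in pos], [2.0] * particles   # any real error (<= 1) is lower
    gbest, gbest_f = list(pos[0]), 2.0
    for _ in range(iters):
        for i in range(particles):
            f = error_rate(2 ** pos[i][0], 2 ** pos[i][1])
            if f < pbest_f[i]:                  # personal best of particle i
                pbest[i], pbest_f[i] = list(pos[i]), f
            if f < gbest_f:                     # global best of the swarm
                gbest, gbest_f = list(pos[i]), f
            for d in range(2):                  # inertia plus pull toward pbest and gbest
                vel[i][d] = (0.6 * vel[i][d] + 1.5 * rng.random() * (pbest[i][d] - pos[i][d])
                             + 1.5 * rng.random() * (gbest[d] - pos[i][d]))
                pos[i][d] = min(hi[d], max(lo[d], pos[i][d] + vel[i][d]))
    return 2 ** gbest[0], 2 ** gbest[1], gbest_f
```

`pso_tune()` returns the best (C, sigma) found and its held-out error; on real sandbox-trace features the fitness would be computed with cross-validation rather than a single fixed split.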
