Abstract
Advanced persistent threat (APT) is a special attack method, which is usually initiated by hacker groups to steal data or destroy systems for large enterprises and even countries. APT has a long-term and multi-stage characteristic, which makes it difficult for traditional detection methods to effectively identify. To detect APT attacks requires solving some problems: how to deal with various uncertain information during APT attack detection, how to fully train the APT detection model with small attack samples, and how to obtain the interpretable detection results for subsequent APT attack forensics. Traditional detection methods cannot effectively utilize multiple uncertain information with small samples. Meanwhile, most detection models are black box and lack a transparent calculation process, which makes it impossible for managers to analyze the reliability and evidence of the results. To solve these problems, a novel detection method based on belief rule base (BRB) is proposed in this paper, where expert knowledge and small samples are both utilized to obtain interpretable detection results. A case study with numerical simulation is established to prove the effectiveness and practicality of the proposed method.
Highlights
The advanced persistent threat (APT) attack is receiving attention from security professionals, as attackers have shifted their targets from institutions with military backgrounds to businesses that focus on education, energy, computers, finance, and diplomacy
A novel method for detecting APT attack based on the belief rule base model is proposed
The belief rule base (BRB)-based APT detection model has the advantages of comprehensive utilization of information and generation of interpretable results
Summary
The advanced persistent threat (APT) attack is receiving attention from security professionals, as attackers have shifted their targets from institutions with military backgrounds to businesses that focus on education, energy, computers, finance, and diplomacy. The literature [19] proposes a spatio-temporal association analysis to detect the APT attack in industrial network, which utilizes a frequent pattern (FP) growth algorithm to mine association rules and, uses SVM for classification detection. To solve the above problems, a novel detection method based on belief rule base (BRB) is proposed in this paper, where a set of decision rules is firstly defined by mechanism analysis and expert knowledge, and a small number of quantitative data samples are used to optimize the model. Through a combination of expert knowledge and quantitative data, the proposed method can effectively solve the concealment problem caused by long-time and multi-stage characteristics of APT attack.
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call