Advanced Persistent Threat attack detection method in cloud computing based on autoencoder and softmax regression algorithm

Abstract

APT (Advanced Persistent Threat) is a complex type of attack that steals personal data by staying in the infected system for a long time. When APT attacks take place in a dynamic and complex infrastructure such as the cloud, their detection by traditional methods is very difficult. To overcome the limitations of existing methods the paper proposes autoencoder based deep learning approach for APT attack detection. The advantage of this model is that it achieves a high classification result by identifying complex relationships between features in a database. Additionally, the model simplifies the process of classifying large volumes of data by reducing the size of data in the encoder. Here, first of all, the autoencoder neural network was applied, and informative features were studied from the network traffic data in an unsupervised manner. After the informative feature study, softmax regression layer was added to the top layer of the constructed autoencoder network to classify APT attacks. In this study, a deep neural network model constructed by adding different layers was tested on a database open to scientific research and compared to existing methods; the proposed method gave superior results in detection of APT attacks. The average detection accuracy of the proposed APT detection framework was achieved of 98.32%. A model for the application of the proposed approach to the cloud environment has been developed, and a two-factor authentication system based on the OTP (One-Time Password) mechanism has been proposed to strengthen the security of the cloud information system against APT attacks.