Ensemble of classifiers for detection of advanced persistent threat
The demand for application of technology in almost all walks of life is in the increase and can be seen to be geared by the paradigm changes in industrial revolutions (current 4.0), IoT/IoE (Internet of Things/Internet of Everything) concept, Internet 2.0, Artificial Intelligence (AI), BYOD (Bring Y...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2019
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/96365/1/OkwaraJerryChizobaMSC2019.pdf.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | The demand for application of technology in almost all walks of life is in the increase and can be seen to be geared by the paradigm changes in industrial revolutions (current 4.0), IoT/IoE (Internet of Things/Internet of Everything) concept, Internet 2.0, Artificial Intelligence (AI), BYOD (Bring Your Own Device) to mention a few but not without their increased inherent vulnerabilities and exposure to sophisticated and dynamic awaiting threats. Advanced Persistent Threats (APTs) among other malwares are some of the malicious attacks given serious attention as they have shown some level of complexities thereby causing defender solutions to poorly detect them. Poor APT attack tactics understanding, insufficient network traffic log analysis and poor classification are some of the problems identified for poor detection of these attacks. Network traffic logs are used by researchers to analyse the network and track attacks as packets move across network nodes. This research studies attack modelling in order to understand APT attack tactics and generate their dataset through simulation as well as a real dataset for normal operation. The experiment will be simulated on a virtual environment using dimensionality reduction technique on the network traffic log for improved log processing. To improve the APT detection accuracy flawed by their stealthiness, the ensemble of classifiers (Support Vector Machine, Random Forest, Decision Tree) with majority voting is used for better attack classification which resultantly gives a better detection accuracy of 90.47%. |
|---|