A hybrid ensemble machine learning model for detecting APT attacks based on network behavior anomaly detection

Saini, Neeraj; Bhat Kasaragod, Vivekananda; Prakasha, Krishna; Das, Ashok Kumar

doi:10.1002/cpe.7865

Cited by 11 publications

(4 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This model aims to effectively identify anomalous behaviors in complex network data. In abnormal traffic detection, XGBoost applications address complex data challenges [6][7][8]. Kasongo et al [6] used the XGBoost algorithm to reduce the dimensionality of the feature space, which improves the performance of various Machine Learning (ML) models and addresses challenges such as highdimensional data spaces and dataset imbalance.…”

Section: Machine Learning-based Methodsmentioning

confidence: 99%

Abnormal Traffic Detection for Internet of Things Based on an Improved Residual Network

Su,

Wang,

et al. 2024

CMC

View full text Add to dashboard Cite

Along with the progression of Internet of Things (IoT) technology, network terminals are becoming continuously more intelligent. IoT has been widely applied in various scenarios, including urban infrastructure, transportation, industry, personal life, and other socio-economic fields. The introduction of deep learning has brought new security challenges, like an increment in abnormal traffic, which threatens network security. Insufficient feature extraction leads to less accurate classification results. In abnormal traffic detection, the data of network traffic is high-dimensional and complex. This data not only increases the computational burden of model training but also makes information extraction more difficult. To address these issues, this paper proposes an MD-MRD-ResNeXt model for abnormal network traffic detection. To fully utilize the multi-scale information in network traffic, a Multi-scale Dilated feature extraction (MD) block is introduced. This module can effectively understand and process information at various scales and uses dilated convolution technology to significantly broaden the model's receptive field. The proposed Max-feature-map Residual with Dual-channel pooling (MRD) block integrates the maximum feature map with the residual block. This module ensures the model focuses on key information, thereby optimizing computational efficiency and reducing unnecessary information redundancy. Experimental results show that compared to the latest methods, the proposed abnormal traffic detection model improves accuracy by about 2%.

show abstract

Section: Machine Learning-based Methodsmentioning

confidence: 99%

Abnormal Traffic Detection for Internet of Things Based on an Improved Residual Network

Su,

Wang,

et al. 2024

CMC

View full text Add to dashboard Cite

show abstract

“…Lu et al 12 Alotaibi et al 13 Patidar et al 14 Liu et al 15 Alghawazi et al 16 Saini et al 17 Sheth et al 18 Okesola et al 19 Labib et al 20 Marashdih et al 21 Mehta et al 22 Henry et al 23 Pruzinec et al 24 Irungu et al 25 Fratty et al 26 Logozzo et al 27 Singh et al 28 Crespo-Martínez et al 29 Fu et al 30 Philip et al 31 Barsellotti et al 32 Mallissery et al 33 Lu et al 12 Alotaibi et al 13 Guan et al 34 Nasrullayev et al 35 Muhammad et al 36 Brintha et al 37 Al Badri et al [36] Lu et al 12 (2023)…”

Section: Parse Tree Validation Policy Enforcement Isr Taint Tracking ...mentioning

confidence: 99%

Analysis of SQL injection attacks in the cloud and in WEB applications

Kumar,

Dutta,

Pranav

2024

Security and Privacy

View full text Add to dashboard Cite

Cloud computing has revolutionized the way IT industries work. Most modern‐day companies rely on cloud services to accomplish their day‐to‐day tasks. From hosting websites to developing platforms and storing resources, cloud computing has tremendous use in the modern information technology industry. Although an emerging technique, it has many security challenges. In structured query language injection attacks, the attacker modifies some parts of the user query to still sensitive user information. This type of attack is challenging to detect and prevent. In this article, we have reviewed 65 research articles that address the issue of its prevention and detection in cloud and Traditional Networks, of which 11 research articles are related to general cloud attacks, and the rest of the 54 research articles are specifically on web security. Our result shows that Random Forest has an accuracy of 99.8% and a Precision rate of 99.9%, and the worst‐performing model is Multi‐Layer Perceptron (MLP) in the SQLIA Model. For recall value, Random Forest performs best while TensorFlow Linear Classifier performs worst. F1 score is best in Random Forest, while MLP is the most diminutive performer.

show abstract

“…Spatial analysis, on the other hand, has focused on the interaction patterns among various components within a system, offering insights into the propagation and impact of malware, and have demonstrated the potential to enhance situational awareness and provide a comprehensive understanding of the threat landscape [14]. In addition to these techniques, hybrid models combining behavioral analysis and anomaly detection have been proposed to leverage the strengths of both approaches [15]. By integrating multiple detection mechanisms, these hybrid models aim to improve detection accuracy and reduce false positives [16].…”

Section: Related Workmentioning

confidence: 99%

Situation-Aware Malware Detection on Windows OS Based on Environmental Information

Tomaszewski,

Brzeźniak

2024

Preprint

View full text Add to dashboard Cite

Malware detection has become increasingly challenging due to the sophisticated evasion techniques employed by modern threats. A novel situation-aware malware detection framework is introduced, integrating machine learning models with environmental information to enhance detection capabilities. By leveraging contextual data, including network activity, file system changes, user interactions, and system state variables, the framework provides a holistic understanding of system behavior. The detection system achieves significant improvements in accuracy, precision, and recall, outperforming traditional methods. Comparative analyses reveal that incorporating environmental information enhances detection accuracy by 6.4%, while significantly reducing false positives and false negatives. The proposed framework continuously adapts to new threats, ensuring robust defense against a wide range of malware variants. Experimental results highlight the effectiveness of the approach, validated through rigorous testing and comparisons with baseline methods.The study advances the field of cybersecurity by offering an adaptive, context-aware solution that addresses the limitations of existing detection techniques. Future research directions include extending the framework to other operating systems, integrating advanced machine learning techniques, and exploring privacypreserving data collection methods.

show abstract

A hybrid ensemble machine learning model for detecting APT attacks based on network behavior anomaly detection

Cited by 11 publications

References 46 publications

Abnormal Traffic Detection for Internet of Things Based on an Improved Residual Network

Abnormal Traffic Detection for Internet of Things Based on an Improved Residual Network

Analysis of SQL injection attacks in the cloud and in WEB applications

Situation-Aware Malware Detection on Windows OS Based on Environmental Information

Contact Info

Product

Resources

About