A novel intelligent cognitive computing-based APT malware detection for Endpoint systems

Xuan, Cho Do; Huong, DT; Nguyen, Toan Van

doi:10.3233/jifs-220233

Cited by 11 publications

(4 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, ML-based detection models have some quality issues, such as computational cost, accuracy, and time. Some studies used deep learning–based detection models to deal with massive amounts of data that required considerable storage and time for decision-making, such as [ 71 , 75 , 82 , 90 , 91 , 98 , 104 , 105 , 108 , 123 , 124 , 126 , [128] , [129] , [130] ]. Some studies that used AI-based detection models had problems such as delay, reliability, and computational costs, such as [ 70 , 72 , 74 , 77 , 79 , 122 , 131 , 132 ].…”

Section: Discussionmentioning

confidence: 99%

“…Xuan and Huong [ 124 ] proposed a method to analyse and evaluate behaviour profiles using the Graph Isomorphism Network (GIN) to improve the efficiency of analysing and detecting APT malware on workstations. In addition, Xuan et al [ 129 ] proposed a new method for analysing and detecting APT malware on endpoint devices, such as unauthorised intrusions and insiders, using CNN-attention, a combination of CNN and the attention network. Further, Xuan and Duong [ 130 ] proposed a model that improves analysis efficiency and APT malware detection based on network traffic using CNN-LSTM and the attention network.…”

Section: Analysis and Findings Of Research Questionsmentioning

confidence: 99%

See 1 more Smart Citation

A systematic literature review for APT detection and Effective Cyber Situational Awareness (ECSA) conceptual model

Salim

Singh

Keikhosrokiani

2023

Heliyon

View full text Add to dashboard Cite

Section: Discussionmentioning

confidence: 99%

Section: Analysis and Findings Of Research Questionsmentioning

confidence: 99%

A systematic literature review for APT detection and Effective Cyber Situational Awareness (ECSA) conceptual model

Salim

Singh

Keikhosrokiani

2023

Heliyon

View full text Add to dashboard Cite

“…In some cases metrics like the code's entropy, number of characters, number of conditional sentences, among others, are applied [20], [28]. Other works also play with cyclomatic complexity [9], [20], use dependency and control flow graphs [10], [22], [24], [25], [27], [30]- [34], even work at token level [23], use vectors to represent assorted information [8], [19], [21], [26] or directly apply the code [29]. Once features are extracted, machine learning algorithms are used in all cases, being neural networks the most common one, specially MLP, though some works also use DNN, like [29].…”

Section: A Vulnerability Detectionmentioning

confidence: 99%

Vulnerability detection under poisoning attacks through code and token features

González-Manzano,

Garcia-Alfaro

2024

Preprint

View full text Add to dashboard Cite

The complexity of implementations and the interconnection of assorted systems and devices facilitates the emergence of vulnerabilities. Detection systems are developed to fight against this security issue, being the use of Artificial Intelligence (AI) a common practice. However, the use of AI is not without its problems, specially those affecting the training phase. This paper tackles this issue following a two-fold approach. First, an AI-based vulnerability detection system based on code and token metrics, dubbed VulCoT, is developed. It reaches state-of-the-art performance while being suitable for C#, C/C++ and PHP. Second, the impact of poisoning attacks on VulCoT is analysed. Results show that VulCoT is specially affected beyond 20% of false data. Remarkably, detecting some of the most frequent Common Weakness Enumeration is altered even with lower poison rates. Overall, KNN and SVM are more appropriate for system protection in C# and C/C++, while MLP in PHP. Indeed, PHP is the language which is less affected by attacks, while C# and C/C++ present comparable results.

show abstract

“…With this proposal, the authors improved some shortcomings of the proposal [ 25 ]. With the same approach of using the Attention network to build behavior profiles of APT attacks, in the study [ 33 ], the authors proposed a model combining deep learning networks with Attention networks to classify APT malware. However, we found that this model was still relatively complicated and cumbersome, and was difficult to implement in practice.…”

Section: Related Workmentioning

confidence: 99%

A novel approach for APT attack detection based on feature intelligent extraction and representation learning

Do Xuan,

Cuong

2024

PLoS ONE

View full text Add to dashboard Cite

Advanced Persistent Threat (APT) attacks are causing a lot of damage to critical organizations and institutions. Therefore, early detection and warning of APT attack campaigns are very necessary today. In this paper, we propose a new approach for APT attack detection based on the combination of Feature Intelligent Extraction (FIE) and Representation Learning (RL) techniques. In particular, the proposed FIE technique is a combination of the Bidirectional Long Short-Term Memory (BiLSTM) deep learning network and the Attention network. The FIE combined model has the function of aggregating and extracting unusual behaviors of APT IPs in network traffic. The RL method proposed in this study aims to optimize classifying APT IPs and normal IPs based on two main techniques: rebalancing data and contrastive learning. Specifically, the rebalancing data method supports the training process by rebalancing the experimental dataset. And the contrastive learning method learns APT IP’s important features based on finding and pulling similar features together as well as pushing contrasting data points away. The combination of FIE and RL (abbreviated as the FIERL model) is a novel proposal and innovation and has not been proposed and published by any research. The experimental results in the paper have proved that the proposed method in the paper is correct and reasonable when it has shown superior efficiency compared to some other studies and approaches over 5% on all measurements.

show abstract

A novel intelligent cognitive computing-based APT malware detection for Endpoint systems

Cited by 11 publications

References 38 publications

A systematic literature review for APT detection and Effective Cyber Situational Awareness (ECSA) conceptual model

A systematic literature review for APT detection and Effective Cyber Situational Awareness (ECSA) conceptual model

Vulnerability detection under poisoning attacks through code and token features

A novel approach for APT attack detection based on feature intelligent extraction and representation learning

Contact Info

Product

Resources

About