Proceedings of the 2016 ACM on International Workshop on Security and Privacy Analytics 2016
DOI: 10.1145/2875475.2875484

Detecting Advanced Persistent Threats using Fractal Dimension based Machine Learning Classification

Cited by 61 publications
(30 citation statements)
References 11 publications
“…Friedberg et al [2015] explain the shortcomings of current security solutions with regards to APT detection, in particular contending that preventive security mechanisms and signature-based methods are not enough to tackle the challenge of APTs, and propose an anomaly detection-based framework to detect APTs by learning a model of normal system behavior from host-based security logs and detecting deviations. Siddiqui et al [2016] use the fractal dimension as a feature to classify TCP/IP session data patterns into anomalous (and part of an APT) or normal patterns. Moya et al [2017] construct decision tree-based models of normal network activity based on features extracted from firewall logs, then use the learned models to classify incoming network traffic.…”
Section: Related Work
“…To obtain the traffic data, we have monitored the university-enterprise network for one month. Specifically, we simulate the P2P botnet and HTTP botnet attack according to the Contagio blog [21] and white paper [22], which provide guidance about how to make botnets evade intrusion detection techniques. To simulate the XSS attacks, we inject malicious code into the web pages of university servers.…”
Section: Dataset
“…Technical countermeasures have been proposed by (Huang and Zhu, 2019), where a multi-stage Bayesian game framework can capture incomplete information of deceptive APTs and their multistage multi-phase movement. (Siddiqui et al, 2016) proposed classification of APT based on anomalous traffic patterns using a feature vector obtained during processing of TCP/IP session information. A disguised executable file detection (DeFD) module system, which aims to detect disguised executable files transferred over network connections, has been proposed by (Ghafir et al, 2018).…”
Section: Research On APT Countermeasures