dc.contributor.author: Ghafir, Ibrahim
dc.contributor.author: Hammoudeh, M.
dc.contributor.author: Prenosil, V.
dc.contributor.author: Han, L.
dc.contributor.author: Hegarty, R.
dc.contributor.author: Rabie, K.
dc.contributor.author: Aparicio-Navarro, F.J.
dc.date.accessioned: 2020-01-24T12:13:54Z
dc.date.accessioned: 2020-01-31T11:53:41Z
dc.date.available: 2020-01-24T12:13:54Z
dc.date.available: 2020-01-31T11:53:41Z
dc.date.issued: 2018-12
dc.identifier.citation: Ghafir I, Hammoudeh M, Prenosil V (et al) Detection of advanced persistent threat using machine-learning correlation analysis. Future Generation Computer Systems. 89: 349-359. [en_US]
dc.identifier.uri: http://hdl.handle.net/10454/17614
dc.description: Yes [en_US]
dc.description.abstract: As one of the most serious types of cyber attack, Advanced Persistent Threats (APT) have caused major concerns on a global scale. APT refers to a persistent, multi-stage attack with the intention to compromise the system and gain information from the targeted system, which has the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system entitled MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. The MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods, aims to identify alerts that could be related and belong to a single APT scenario; and (3) Attack prediction, in which a machine learning-based prediction module is proposed based on the correlation framework output, to be used by the network security team to determine the probability of the early alerts to develop a complete APT attack. MLAPT is experimentally evaluated and the presented system is able to predict APT in its early steps with a prediction accuracy of 84.8%. [en_US]
dc.language.iso: en [en_US]
dc.rights: © 2018 Elsevier B.V. All rights reserved. Reproduced in accordance with the publisher's self-archiving policy. This manuscript version is made available under the CC-BY-NC-ND 4.0 license. [en_US]
dc.subject: Cyber attacks [en_US]
dc.subject: Advanced persistent threat [en_US]
dc.subject: Malware [en_US]
dc.subject: Intrusion detection system [en_US]
dc.subject: Alert correlation [en_US]
dc.subject: Machine learning [en_US]
dc.title: Detection of advanced persistent threat using machine-learning correlation analysis [en_US]
dc.status.refereed: Yes [en_US]
dc.date.Accepted: 2018-06-28
dc.date.application: 2018-07-06
dc.type: Article [en_US]
dc.type.version: Accepted manuscript [en_US]
dc.identifier.doi: https://doi.org/10.1016/j.future.2018.06.055
dc.date.updated: 2020-01-24T12:13:55Z
refterms.dateFOA: 2020-01-31T11:54:12Z


Item file(s)

Name: Ghafir_FGCS.pdf
Size: 465.4Kb
Format: PDF
Description: To keep suppressed

Name: Detectionofadvancedpersistentt ...
Size: 460.5Kb
Format: PDF
Description: To keep suppressed

Name: Ghafir_Future_Generation_Compu ...
Size: 564.8Kb
Format: PDF
