Early detection of the advanced persistent threat attack using performance analysis of deep learning
arXiv - CS - Machine Learning. Pub Date: 2020-09-19, DOI: arxiv-2009.10524
Javad Hassannataj Joloudari, Mojtaba Haderbadi, Amir Mashmool, Mohammad GhasemiGol, Shahab S., Amir Mosavi

One of the most common and most damaging attacks on a victim system is the Advanced Persistent Threat (APT) attack. The APT attacker achieves hostile goals by obtaining information about a network's infrastructure and gaining financial benefit from it. One way to detect a covert APT attack is to analyze network traffic. Because an APT stays on the network for a long time, and because the network may crash under high traffic, this type of attack is difficult to detect. Hence, in this study, machine learning methods, namely the C5.0 decision tree, the Bayesian network and a deep neural network, are used for timely detection and classification of APT attacks on the NSL-KDD dataset. Moreover, 10-fold cross-validation is used to evaluate these models. As a result, the accuracy (ACC) of the C5.0 decision tree, Bayesian network and 6-layer deep learning models is 95.64%, 88.37% and 98.85%, respectively, and in terms of the important criterion of the false positive rate (FPR), the FPR values for the C5.0 decision tree, Bayesian network and 6-layer deep learning models are 2.56, 10.47 and 1.13, respectively. Other criteria such as sensitivity, specificity, accuracy, false negative rate and F-measure are also investigated for the models, and the experimental results show that the deep learning model, with automatic multi-layered feature extraction, has the best performance for timely detection of an APT attack compared to the other classification models.
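The abstract reports ACC and FPR from a 10-fold cross-validation but does not show how those figures are derived from a detector's decisions. The following Python is an added example, not code from the paper or its authors: it builds a pooled confusion matrix across the folds and derives the standard definitions of accuracy, FPR, FNR, sensitivity, specificity, precision and F-measure (F1) from it, taking "attack" as the positive class. The dataset is constructed two-feature Gaussian data, not NSL-KDD, and a nearest-centroid classifier stands in for the C5.0, Bayesian-network and deep-learning models; both are assumptions made so the example runs offline.

```python
"""Detection metrics and k-fold cross-validation on constructed data (added example)."""
import random
from dataclasses import dataclass

POSITIVE = 1  # constructed convention: 1 = attack (positive class), 0 = normal


@dataclass
class Confusion:
    """Pooled 2x2 confusion matrix; counts accumulate across folds."""
    tp: int = 0
    tn: int = 0
    fp: int = 0
    fn: int = 0

    def add(self, y_true, y_pred):
        for t, p in zip(y_true, y_pred):
            if t == POSITIVE:
                if p == POSITIVE:
                    self.tp += 1
                else:
                    self.fn += 1  # missed attack
            elif p == POSITIVE:
                self.fp += 1      # false alarm on normal traffic
            else:
                self.tn += 1
        return self


def _ratio(num, den):
    return num / den if den else 0.0  # guard empty class: no division by zero


def metrics(c):
    """Standard definitions, returned as fractions (multiply by 100 for percentages)."""
    return {
        "acc": _ratio(c.tp + c.tn, c.tp + c.tn + c.fp + c.fn),
        "fpr": _ratio(c.fp, c.fp + c.tn),          # false alarms / all normal
        "fnr": _ratio(c.fn, c.fn + c.tp),          # missed / all attacks
        "sensitivity": _ratio(c.tp, c.tp + c.fn),  # recall, true positive rate
        "specificity": _ratio(c.tn, c.tn + c.fp),  # true negative rate = 1 - FPR
        "precision": _ratio(c.tp, c.tp + c.fp),
        "f_measure": _ratio(2 * c.tp, 2 * c.tp + c.fp + c.fn),  # F1
    }


def kfold(n, k, seed=0):
    """Shuffle indices once, then yield (train, test) index lists for each of k folds."""
    idx = list(range(n))
    random.Random(seed).shuffle(idx)
    folds = [idx[i::k] for i in range(k)]  # disjoint, near-equal test folds
    for i in range(k):
        train = [j for f in folds[:i] + folds[i + 1:] for j in f]
        yield train, folds[i]


class NearestCentroid:
    """Stand-in classifier (assumption): predicts the class whose mean vector is closest."""

    def fit(self, X, y):
        self.centroids = {}
        for label in set(y):
            rows = [x for x, lab in zip(X, y) if lab == label]
            self.centroids[label] = [sum(col) / len(rows) for col in zip(*rows)]
        return self

    def predict(self, X):
        def dist2(a, b):
            return sum((u - v) ** 2 for u, v in zip(a, b))
        return [min(self.centroids, key=lambda lab: dist2(x, self.centroids[lab])) for x in X]


def cross_validate(X, y, k=10, seed=0):
    """Train on k-1 folds, score the held-out fold, pool the counts over all k folds."""
    pooled = Confusion()
    for train, test in kfold(len(X), k, seed):
        model = NearestCentroid().fit([X[i] for i in train], [y[i] for i in train])
        pooled.add([y[i] for i in test], model.predict([X[i] for i in test]))
    return pooled, metrics(pooled)


def make_dataset(n_per_class=100, seed=1):
    """Constructed sample: 'normal' near (0,0), 'attack' near (3,3). Not NSL-KDD."""
    rng = random.Random(seed)
    X, y = [], []
    for label, centre in ((0, (0.0, 0.0)), (1, (3.0, 3.0))):
        for _ in range(n_per_class):
            X.append([rng.gauss(c, 0.8) for c in centre])
            y.append(label)
    return X, y


if __name__ == "__main__":
    X, y = make_dataset()
    conf, m = cross_validate(X, y)
    print(conf)
    for name, value in m.items():
        print(f"{name:12s} {100 * value:6.2f}%")
```

Pooling the confusion counts over the folds, rather than averaging per-fold rates, keeps the FPR denominator equal to the total number of normal records, which matters when a fold happens to hold few of one class; on a real dataset the folds should also be stratified so each keeps the overall attack/normal proportion.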

Updated: 2020-09-23