Advanced Persistent Threat Attack Detection using Clustering Algorithms

作     者：Alsanad, Ahmed Altuwaijri, Sara 

作者机构：King Saud Univ Dept Informat Syst Coll Comp & Informat Sci Riyadh 11543 Saudi Arabia 

出 版 物：《INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS》 (Intl. J. Adv. Comput. Sci. Appl.)

年 卷 期：2022年第13卷第9期

页      面：640-649页

核心收录：

基　　金：College of Computer and Information Sciences (CCIS) at King Saud University 

主　　题：APT Attack detection DNS network cybersecurity clustering algorithms 

摘      要：Advanced Persistent Threat (APT) attack has become one of the most complex attacks. It targets sensitive information. Many cybersecurity systems have been developed to detect the APT attack from network data traffic and request. However, they still need to be improved to identify this attack effectively due to its complexity and slow move. It gets access to the organizations either from an active directory or by gaining remote access, or even by targeting the Domain Name Server (DNS). Nowadays, many machine learning (ML) techniques have been implemented to detect APT attack by using the tools in the market. However, still, there are some limitations in terms of accuracy, efficiency, and effectiveness, especially the lack of labeled data to train ML methods. This paper proposes a framework to detect APT attacks using the most applicable clustering algorithms, such as the APRIORI, K-means, and Hunt s algorithm. To evaluate and compare the performance of the proposed framework, several experiments are conducted on a public dataset. The experimental results showed that the Support Vector Machine with Radial Basis Function (SVM-RBF) achieves the highest accuracy rate, reaching about 99.2%. This accurate result confirms the effectiveness of the developed framework for detecting attacks from network data traffic.