Detecting Advanced Persistent Threats Using Fractal Dimension Based Machine Learning Classification
| Field | Value |
|---|---|
| Title | Detecting Advanced Persistent Threats Using Fractal Dimension Based Machine Learning Classification |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Siddiqui, Sana; Khan, Muhammad Salman; Ferens, Ken; Kinsner, Witold |
| Conference Name | Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4077-9 |
| Keywords | advanced persistent threat, advanced persistent threats, advanced persistent threats (apt), classification, Collaboration, Complexity, composability, cyber threats, False Data Detection, Human Behavior, machine learning, malware classification, Metrics, multifractal, pubcrawl, remote trojans, Resiliency, Scalability |
| Abstract | Advanced Persistent Threats (APTs) are a new breed of internet-based smart threats, which can go undetected with the existing state-of-the-art internet traffic monitoring and protection systems. With the evolution of the internet and cloud computing, a new generation of smart APT attacks has also evolved, and signature-based threat detection systems are proving to be futile and insufficient. One of the essential strategies in detecting APTs is to continuously monitor and analyze various features of a TCP/IP connection, such as the number of transferred packets, the total count of the bytes exchanged, the duration of the TCP/IP connections, and details of the number of packet flows. The current threat detection approaches make extensive use of machine learning algorithms that utilize statistical and behavioral knowledge of the traffic. However, the performance of these algorithms is far from satisfactory in terms of reducing false negatives and false positives simultaneously. Mostly, current algorithms focus on reducing false positives only. This paper presents a fractal-based anomaly classification mechanism, with the goal of reducing both false positives and false negatives simultaneously. A comparison of the proposed fractal-based method with a traditional Euclidean-based machine learning algorithm (k-NN) shows that the proposed method significantly outperforms the traditional approach by reducing false positive and false negative rates simultaneously, while improving the overall classification rates. |
| URL | http://doi.acm.org/10.1145/2875475.2875484 |
| DOI | 10.1145/2875475.2875484 |
| Citation Key | siddiqui_detecting_2016 |