Skip to main content

Research Repository

Advanced Search

Advanced persistent threats detection based on deep learning approach.

Eke, Hope Nkiruka; Petrovski, Andrei

Authors

Profile image of HOPE EKE

HOPE EKE h.eke@rgu.ac.uk
Completed Research Student

Andrei Petrovski



Abstract

Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. APT is a sophisticated attack that masquerade their actions to navigates around defenses, breach networks, often, over multiple network hosts and evades detection. It also uses "low-and-slow" approach over a long period of time. Resource availability, integrity, and confidentiality of the operational cyber-physical systems (CPS) state and control is highly impacted by the safety and security measures in place. A framework multi-stage detection approach termed "APTDASAC" to detect different tactics, techniques, and procedures (TTPs) used during various APT steps is proposed. Implementation was carried out in three stages: (i) Data input and probing layer - this involves data gathering and preprocessing, (ii) Data analysis layer; applies the core process of "APTDASAC" to learn the behaviour of attack steps from the sequence data, correlate and link the related output and, (iii) Decision layer; the ensemble probability approach is utilized to integrate the output and make attack prediction. The framework was validated with three different datasets and three case studies. The proposed approach achieved a significant attacks detection capability of 86.36% with loss as 0.32%, demonstrating that attack detection techniques applied that performed well in one domain may not yield the same good result in another domain. This suggests that robustness and resilience of operational systems state to withstand attack and maintain system performance are regulated by the safety and security measures in place, which is specific to the system in question.

Citation

EKE, H.N. and PETROVSKI, A. 2023. Advanced persistent threats detection based on deep learning approach. In Proceedings of the 6th IEEE (Institute of Electrical and Electronics Engineers) International conference on Industrial cyber physical systems international conference 2023 (ICPS 2023), 8-11 May 2023, Wuhan, China. Piscataway: IEEE [online], pages 1-10. Available from: https://doi.org/10.1109/ICPS58381.2023.10128062

Presentation Conference Type Conference Paper (published)
Conference Name 6th IEEE (Institute of Electrical and Electronics Engineers) International conference on Industrial cyber-physical systems 2023 (ICPS 2023)
Start Date May 8, 2023
End Date May 11, 2023
Acceptance Date Apr 5, 2023
Online Publication Date May 11, 2023
Publication Date May 24, 2023
Deposit Date Apr 6, 2023
Publicly Available Date Apr 6, 2023
Publisher Institute of Electrical and Electronics Engineers (IEEE)
Peer Reviewed Peer Reviewed
Series ISSN 2769-3899
Book Title Proceedings of the 6th IEEE (Institute of Electrical and Electronics Engineers) International conference on Industrial cyber-physical systems 2023 (ICPS 2023)
ISBN 9798350311259
DOI https://doi.org/10.1109/ICPS58381.2023.10128062
Keywords Advanced persistent threats; Cyber-physical Systems; Critical infrastructures; Deep learning; Industrial control systems; Supervisory control and data acquisition
Public URL https://rgu-repository.worktribe.com/output/1931366

Files

EKE 2023 Advanced persistent threats (AAM) (569 Kb)
PDF

Copyright Statement
© 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.




You might also like



Downloadable Citations