Hope Eke (h.eke@rgu.ac.uk), Completed Research Student
Advanced persistent threats detection based on deep learning approach.
Authors: Eke, Hope Nkiruka; Petrovski, Andrei
Abstract
Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. An APT is a sophisticated attack that masquerades its actions to navigate around defenses, breach networks, often across multiple network hosts, and evade detection. It also uses a "low-and-slow" approach over a long period of time. Resource availability, integrity, and confidentiality of the operational cyber-physical system (CPS) state and control are highly impacted by the safety and security measures in place. A multi-stage detection framework termed "APTDASAC" is proposed to detect the different tactics, techniques, and procedures (TTPs) used during the various APT steps. Implementation was carried out in three stages: (i) Data input and probing layer - this involves data gathering and preprocessing; (ii) Data analysis layer - applies the core process of "APTDASAC" to learn the behaviour of attack steps from the sequence data, and to correlate and link the related output; and (iii) Decision layer - the ensemble probability approach is utilized to integrate the output and make the attack prediction. The framework was validated with three different datasets and three case studies. The proposed approach achieved a significant attack detection capability of 86.36% with a loss of 0.32%, demonstrating that attack detection techniques that perform well in one domain may not yield the same good result in another domain. This suggests that the robustness and resilience of an operational system's state, i.e. its ability to withstand attack and maintain system performance, are regulated by the safety and security measures in place, which are specific to the system in question.
Citation
EKE, H.N. and PETROVSKI, A. 2023. Advanced persistent threats detection based on deep learning approach. In Proceedings of the 6th IEEE (Institute of Electrical and Electronics Engineers) International conference on Industrial cyber physical systems international conference 2023 (ICPS 2023), 8-11 May 2023, Wuhan, China. Piscataway: IEEE [online], pages 1-10. Available from: https://doi.org/10.1109/ICPS58381.2023.10128062
| Presentation Conference Type | Conference Paper (published) |
|---|---|
| Conference Name | 6th IEEE (Institute of Electrical and Electronics Engineers) International conference on Industrial cyber-physical systems 2023 (ICPS 2023) |
| Start Date | May 8, 2023 |
| End Date | May 11, 2023 |
| Acceptance Date | Apr 5, 2023 |
| Online Publication Date | May 11, 2023 |
| Publication Date | May 24, 2023 |
| Deposit Date | Apr 6, 2023 |
| Publicly Available Date | Apr 6, 2023 |
| Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
| Peer Reviewed | Peer Reviewed |
| Series ISSN | 2769-3899 |
| Book Title | Proceedings of the 6th IEEE (Institute of Electrical and Electronics Engineers) International conference on Industrial cyber-physical systems 2023 (ICPS 2023) |
| ISBN | 9798350311259 |
| DOI | https://doi.org/10.1109/ICPS58381.2023.10128062 |
| Keywords | Advanced persistent threats; Cyber-physical Systems; Critical infrastructures; Deep learning; Industrial control systems; Supervisory control and data acquisition |
| Public URL | https://rgu-repository.worktribe.com/output/1931366 |
Files
EKE 2023 Advanced persistent threats (AAM), PDF, 569 KB
Copyright Statement
© 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.