Systematic Mapping of Detection Techniques for Advanced Persistent Threats

  • Conference paper
13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020) (CISIS 2019)

Abstract

Among the most complex security issues faced by private companies and public entities are Advanced Persistent Threats (APTs). These threats combine multiple techniques and processes to carry out an attack against a specific target. The need to counter cyber-attacks has driven the evolution of Intrusion Detection Systems, increasingly through Machine Learning. However, detecting an APT is a very complex process because of the nature of the attack. The aim of this article is to conduct a systematic review of the literature to establish which classification algorithms and data sets give better results when detecting anomalous traffic that could be caused by an APT attack. The results show that the most used dataset is UNSW-NB15, while the algorithms offering the best precision are K-Nearest Neighbours and Decision Trees. Moreover, the most used tool for applying Machine Learning techniques is WEKA.
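The abstract reports which classifiers gave the best precision on flow-feature datasets such as UNSW-NB15. The block below is an added example, not code from the paper or from any of the reviewed studies, showing what such an evaluation looks like and why precision on its own is a weak yardstick for anomaly detection: it implements K-Nearest Neighbours (one of the two algorithms the review singles out) in plain Python instead of WEKA, scores it on constructed flow records alongside a majority-class baseline and a hand-picked one-feature threshold rule (standing in for what a depth-1 decision tree would learn from bulk transfers alone), and reports precision, recall, F1 and accuracy for the anomalous class. The feature names (duration, bytes, packets), the threshold of 100,000 bytes and all record values are assumptions chosen for illustration.

```python
"""Scoring anomaly classifiers on flow features with precision/recall/F1.

Added example (standard library only): a k-nearest-neighbours classifier,
a majority-class baseline and a single-threshold rule, all scored on
constructed flow records. Feature names mimic flow fields found in
datasets such as UNSW-NB15; the values are made up for illustration.
"""
import math
from collections import Counter

POSITIVE = "anomalous"  # the class whose precision/recall we report

# Constructed records: (duration_s, bytes, packets, label). Normal flows are
# short and small; anomalies are either bulk transfers or one-packet probes.
TRAIN = [
    (0.5, 1200, 10, "normal"), (1.2, 3400, 22, "normal"),
    (0.8, 2100, 15, "normal"), (2.0, 5100, 40, "normal"),
    (0.3, 900, 6, "normal"), (1.5, 4200, 30, "normal"),
    (0.9, 2600, 18, "normal"), (1.1, 3000, 20, "normal"),
    (30.0, 900000, 5000, "anomalous"), (45.0, 1200000, 7000, "anomalous"),
    (0.01, 60, 1, "anomalous"), (0.02, 60, 1, "anomalous"),
]
TEST = [
    (0.7, 1900, 13, "normal"), (1.3, 3600, 25, "normal"),
    (1.0, 2800, 19, "normal"), (0.4, 1100, 8, "normal"),
    (1.8, 4800, 36, "normal"), (0.6, 1500, 11, "normal"),
    (40.0, 1000000, 6000, "anomalous"), (0.01, 60, 1, "anomalous"),
]


def features(rec):
    """log1p-scale the numeric fields so the byte count does not dominate."""
    return tuple(math.log1p(x) for x in rec[:3])


def knn_predict(train, rec, k=3):
    """Majority vote among the k nearest training records (Euclidean distance)."""
    q = features(rec)
    dists = sorted((math.dist(q, features(t)), t[3]) for t in train)
    votes = Counter(label for _, label in dists[:k])
    return votes.most_common(1)[0][0]


def majority_predict(train, rec):
    """Baseline: always predict the most frequent training class."""
    return Counter(t[3] for t in train).most_common(1)[0][0]


def bytes_rule_predict(rec, threshold=100_000):
    """Hand-picked one-feature split (assumed threshold): flag bulk flows only.
    It stands in for a depth-1 tree fitted to the bulk-transfer anomalies."""
    return POSITIVE if rec[1] > threshold else "normal"


def score(y_true, y_pred, positive=POSITIVE):
    """Precision, recall, F1 and accuracy for the positive class.
    Precision is reported as 0.0 when nothing was predicted positive."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == positive and p == positive)
    fp = sum(1 for t, p in pairs if t != positive and p == positive)
    fn = sum(1 for t, p in pairs if t == positive and p != positive)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    accuracy = sum(1 for t, p in pairs if t == p) / len(pairs)
    return {"precision": precision, "recall": recall, "f1": f1, "accuracy": accuracy}


def evaluate(train=TRAIN, test=TEST):
    """Score each classifier on the held-out records."""
    y_true = [r[3] for r in test]
    return {
        "knn": score(y_true, [knn_predict(train, r) for r in test]),
        "majority": score(y_true, [majority_predict(train, r) for r in test]),
        "bytes_rule": score(y_true, [bytes_rule_predict(r) for r in test]),
    }


if __name__ == "__main__":
    for name, m in evaluate().items():
        print(f"{name:10s} " + "  ".join(f"{k}={v:.2f}" for k, v in m.items()))
```

On this constructed split the threshold rule reaches a precision of 1.0 while missing half of the anomalies (recall 0.5), and the majority baseline scores 0.75 accuracy without detecting anything; only the KNN model, which can carve out both the bulk-transfer and the one-packet-probe regions of the feature space, gets both precision and recall to 1.0. When reading precision figures from studies of the kind the review covers, check the class balance of the dataset and ask for recall or F1 alongside them.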

The research described in this article has been partially funded by addendum 4 to the framework convention between the University of León and Instituto Nacional de Ciberseguridad (INCIBE).

Author information

Corresponding author

Correspondence to Ángel Manuel Guerrero Higueras.

Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Sobrín-Hidalgo, D., Campazas Vega, A., Guerrero Higueras, Á.M., Rodríguez Lera, F.J., Fernández-Llamas, C. (2021). Systematic Mapping of Detection Techniques for Advanced Persistent Threats. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_40