Abstract
Among the most complex security issues faced by private companies and public entities are Advanced Persistent Threats. These threats combine multiple techniques and processes to carry out an attack against a specific entity. The need to combat cyber-attacks has driven the evolution of the Intrusion Detection System, usually through the use of Machine Learning technology. However, detecting an Advanced Persistent Threat is a very complex process because of the nature of the attack. The aim of this article is to conduct a systematic review of the literature to establish which classification algorithms and data sets offer better results when detecting anomalous traffic that could be caused by an Advanced Persistent Threat attack. The results obtained show that the most used dataset is UNSW-NB15, while the algorithms that offer the best precision are K-Nearest Neighbours and Decision Trees. Moreover, the most used tool for applying Machine Learning techniques is WEKA.
The research described in this article has been partially funded by addendum 4 to the framework convention between the University of León and Instituto Nacional de Ciberseguridad (INCIBE).
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Sobrín-Hidalgo, D., Campazas Vega, A., Guerrero Higueras, Á.M., Rodríguez Lera, F.J., Fernández-Llamas, C. (2021). Systematic Mapping of Detection Techniques for Advanced Persistent Threats. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_40
DOI: https://doi.org/10.1007/978-3-030-57805-3_40
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57804-6
Online ISBN: 978-3-030-57805-3
eBook Packages: Intelligent Technologies and Robotics (R0)