Abstract
Advanced Persistent Threats (APTs) are a highly sophisticated type of cyber attack, usually aimed at large and powerful organisations. Human expert knowledge, coded as rules, can be used to detect these attacks when they attempt to extract information from their victim hidden within normal HTTP traffic. Experts often base their decisions on anomaly detection techniques, working under the hypothesis that APTs generate traffic that differs from normal traffic. In this work we aim to develop classifiers that help human experts find APTs. We first define an anomaly score metric to select the most anomalous subset of the traffic data; a human expert then labels the instances in this subset; finally, we train a classifier using both the labelled and the unlabelled data. Three computational intelligence methods were employed to train classifiers: genetic programming, decision trees and support vector machines. The results show their potential in the fight against APTs.
FBR was partially funded with a Torres Quevedo grant from the Ministry of Economy and Competitiveness.
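The three-step workflow the abstract describes (score the traffic, have the expert label the most anomalous subset, then learn from labelled and unlabelled data together), as an added illustration that is not code from the chapter. Everything below is assumed for the illustration: the squared z-score distance used as the anomaly score, the `simulated_expert` oracle standing in for the analyst, the nearest-centroid self-training classifier used instead of the chapter's GP, decision tree and SVM models, and the constructed proxy-log rows in `TRAFFIC`.

```python
from statistics import mean, pstdev

# Constructed per-request features from an outbound HTTP proxy log (not real data):
# (request bytes, response bytes, URL length). Rows 8 and 10 mimic big uploads answered tersely.
TRAFFIC = [(310, 4200, 42), (290, 3900, 38), (330, 4500, 45), (300, 4100, 40),
           (280, 3800, 36), (320, 4300, 44), (305, 4000, 41), (295, 4150, 39),
           (9800, 350, 210), (310, 4050, 43), (11200, 400, 240), (300, 3950, 40)]

def fit_scaler(rows):
    """Per-column mean and population stdev, so every feature counts equally in the score."""
    cols = list(zip(*rows))
    return [mean(c) for c in cols], [pstdev(c) or 1.0 for c in cols]
def scale(row, scaler):
    return [(v - m) / s for v, m, s in zip(row, *scaler)]
def most_anomalous(rows, k):
    """Step 1: indices of the k highest-scoring requests, the subset handed to the expert.
    Assumed score (not the chapter's metric): squared distance from the centroid in z-space."""
    scaler = fit_scaler(rows)
    scores = [sum(v * v for v in scale(r, scaler)) for r in rows]
    return sorted(range(len(rows)), key=lambda i: -scores[i])[:k]
def simulated_expert(row):
    """Step 2 stand-in for the analyst's verdict on the constructed rows: big uploads are APT."""
    return "apt" if row[0] > 5000 else "normal"
def sqdist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))
def centroids(z, lab):
    return {c: [mean(col) for col in zip(*[z[i] for i in lab if lab[i] == c])]
            for c in set(lab.values())}

def self_train(rows, labels, rounds=5, margin=2.0):
    """Step 3: nearest-centroid classifier grown by pseudo-labelling the unlabelled rows;
    a pseudo-label is adopted only when the runner-up class is at least `margin` x farther."""
    scaler = fit_scaler(rows)
    z = [scale(r, scaler) for r in rows]
    lab = dict(labels)
    for _ in range(rounds):  # later rounds are no-ops once every row carries a label
        cent = centroids(z, lab)
        for i in [j for j in range(len(z)) if j not in lab]:
            d = {c: sqdist(z[i], cent[c]) for c in cent}
            ranked = sorted(d, key=d.get)
            if len(ranked) == 1 or d[ranked[1]] >= margin * d[ranked[0]]:
                lab[i] = ranked[0]
    return {"scaler": scaler, "centroids": centroids(z, lab), "labels": lab}
def predict(model, row):
    z = scale(row, model["scaler"])
    return min(model["centroids"], key=lambda c: sqdist(z, model["centroids"][c]))
def run_pipeline(rows, k=4):
    """The three steps end to end: score, have the expert label the top-k, then self-train."""
    labels = {i: simulated_expert(rows[i]) for i in most_anomalous(rows, k)}
    return self_train(rows, labels)
```

The `margin` threshold is what keeps a confident but wrong pseudo-label from dragging a centroid; rows that stay unlabelled after the last round are the ones worth sending back to the analyst.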
© 2016 Springer International Publishing Switzerland
Barceló-Rico, F., Esparcia-Alcázar, A.I., Villalón-Huerta, A. (2016). Semi-Supervised Classification System for the Detection of Advanced Persistent Threats. In: Abielmona, R., Falcon, R., Zincir-Heywood, N., Abbass, H. (eds) Recent Advances in Computational Intelligence in Defense and Security. Studies in Computational Intelligence, vol 621. Springer, Cham. https://doi.org/10.1007/978-3-319-26450-9_9
DOI: https://doi.org/10.1007/978-3-319-26450-9_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26448-6
Online ISBN: 978-3-319-26450-9
eBook Packages: Engineering (R0)