A New Realistic Benchmark for Advanced Persistent Threats in Network Traffic

Cited by: 5
Authors
Liu, Jinxin [1 ]
Shen, Yu [1 ]
Simsek, Murat [1 ]
Kantarci, Burak [1 ]
Mouftah, Hussein T. [1 ]
Bagheri, Mehran [2 ]
Djukic, Petar [2 ]
Affiliations
[1] University of Ottawa, School of Electrical Engineering and Computer Science, Ottawa, ON, K1N 6N5, Canada
[2] Ciena Corporation, AI and Analytics Department, Ottawa, ON, K2K 3K1, Canada
Source
IEEE Networking Letters | 2022 / Vol. 4 / No. 03
Keywords
Advanced persistent threat - Attack centric method - Classification-tree analysis - Feature extraction - Intrusion detection systems - Machine learning - Network security - Predictive models - Random forests - Reconnaissance
DOI
10.1109/LNET.2022.3185553
Abstract
In order to define a benchmark for Machine Learning (ML)-based Advanced Persistent Threat (APT) detection in network traffic, this letter presents SCVIC-APT-2021, a new dataset that realistically represents contemporary network architecture and APT characteristics. Building on this dataset, an ML-based Attack Centric Method (ACM) is introduced to evaluate APT detection performance on it. Furthermore, ACM is shown to outperform the baseline approaches with a maximum macro average F1 score of 82.27%, corresponding to a 9.4% improvement over the baseline performance. © 2019 IEEE.
Pages: 162 / 166
Related papers
50 in total
  • [21] Targeted Cyberattacks: A Superset of Advanced Persistent Threats
    Sood, Aditya K.
    Enbody, Richard J.
    IEEE SECURITY & PRIVACY, 2013, 11 (01) : 54 - 61
  • [22] NeTraMark: A Network Traffic Classification Benchmark
    Lee, Suchul
    Kim, Hyun-chul
    Barman, Dhiman
    Lee, Sungryoul
    Kim, Chong-kwon
    Kwon, Ted 'Taekyoung'
    ACM SIGCOMM COMPUTER COMMUNICATION REVIEW, 2011, 41 (01) : 23 - 30
  • [23] How to generate realistic network traffic?
    Varet, Antoine
    Larrieu, Nicolas
    2014 IEEE 38TH ANNUAL INTERNATIONAL COMPUTERS, SOFTWARE AND APPLICATIONS CONFERENCE (COMPSAC), 2014, : 299 - 304
  • [24] Realistic and responsive network traffic generation
    Vishwanath, Kashi Venkatesh
    Vahdat, Amin
    ACM SIGCOMM COMPUTER COMMUNICATION REVIEW, 2006, 36 (04) : 111 - 122
  • [25] Modeling social worm propagation for advanced persistent threats
    Zhou, Peng
    Gu, Xiaojing
    Nepal, Surya
    Zhou, Jianying
    COMPUTERS & SECURITY, 2021, 108
  • [26] Evidence-Based Detection of Advanced Persistent Threats
    Tecuci, Gheorghe
    Marcu, Dorin
    Meckl, Steven
    Boicu, Mihai
    COMPUTING IN SCIENCE & ENGINEERING, 2018, 20 (06) : 54 - 65
  • [27] Are Software Updates Useless against Advanced Persistent Threats?
    Massacci, Fabio
    Di Tizio, Giorgio
    COMMUNICATIONS OF THE ACM, 2023, 66 (01) : 31 - 33
  • [28] Decepticon: a Theoretical Framework to Counter Advanced Persistent Threats
    Baksi, Rudra P.
    Upadhyaya, Shambhu J.
    INFORMATION SYSTEMS FRONTIERS, 2021, 23 (04) : 897 - 913
  • [29] Exploring the vulnerability in the inference phase of advanced persistent threats
    Wu, Qi
    Li, Qiang
    Guo, Dong
    Meng, Xiangyu
    INTERNATIONAL JOURNAL OF DISTRIBUTED SENSOR NETWORKS, 2022, 18 (03)
  • [30] Decepticon: a Theoretical Framework to Counter Advanced Persistent Threats
    Rudra P. Baksi
    Shambhu J. Upadhyaya
    Information Systems Frontiers, 2021, 23 : 897 - 913