Detection of Advanced Persistent Threat Using Machine-Learning Correlation Analysis

The result's identifiers

  • Result code in IS VaVaI

    RIV/00216224:14330/18:00101837 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F18%3A00101837)

  • Result on the web

    https://www.sciencedirect.com/science/article/pii/S0167739X18307532#

  • DOI - Digital Object Identifier

    10.1016/j.future.2018.06.055 (http://dx.doi.org/10.1016/j.future.2018.06.055)

Alternative languages

  • Result language

    English

  • Original language name

    Detection of Advanced Persistent Threat Using Machine-Learning Correlation Analysis

  • Original language description

    As one of the most serious types of cyber attack, Advanced Persistent Threats (APT) have caused major concern on a global scale. APT refers to a persistent, multi-stage attack intended to compromise a system and gain information from the targeted system, which has the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system entitled MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods and to identify alerts that could be related and belong to a single APT scenario; and (3) Attack prediction, in which a machine learning-based prediction module, built on the output of the correlation framework, is proposed for use by the network security team to determine the probability that early alerts will develop into a complete APT attack. MLAPT is experimentally evaluated, and the presented system is able to predict APT in its early steps with a prediction accuracy of 84.8%.

  • Czech name

  • Czech description

Classification

  • Type

    Jimp - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    10200 - Computer and information sciences

Result continuities

  • Project

    OFMASUN201301: CIRC - Mobile dedicated devices to fulfilling ability to respond to cyber incidents (/en/project/OFMASUN201301)

  • Continuities

    P - Research and development project financed from public sources (with a link to CEP)

Others

  • Publication year

    2018

  • Confidentiality

    S - Complete and true data about the project are not subject to protection under special legal regulations

Data specific for result type

  • Name of the periodical

    Future Generation Computer Systems

  • ISSN

    0167-739X

  • e-ISSN

    1872-7115

  • Volume of the periodical

    89

  • Issue of the periodical within the volume

    Dec

  • Country of publishing house

    NL - THE KINGDOM OF THE NETHERLANDS

  • Number of pages

    11

  • Pages from-to

    349-359

  • UT code for WoS article

    000444360500028

  • EID of the result in the Scopus database