Preprint Article Version 1 Preserved in Portico This version is not peer-reviewed

Early Detection of The Advanced Persistent Threats Attacks Using Performance Analysis of Deep Learning

Version 1 : Received: 31 July 2020 / Approved: 31 July 2020 / Online: 31 July 2020 (11:01:59 CEST)

How to cite: Hassannataj Joloudari, J.; Haderbadi, M.; Mashmool, A.; GhasemiGol, M.; Shamshirband, S.; Mosavi, A. Early Detection of The Advanced Persistent Threats Attacks Using Performance Analysis of Deep Learning. Preprints 2020, 2020070745 (doi: 10.20944/preprints202007.0745.v1). Hassannataj Joloudari, J.; Haderbadi, M.; Mashmool, A.; GhasemiGol, M.; Shamshirband, S.; Mosavi, A. Early Detection of The Advanced Persistent Threats Attacks Using Performance Analysis of Deep Learning. Preprints 2020, 2020070745 (doi: 10.20944/preprints202007.0745.v1).

Abstract

One of the most common and important destructive attacks on the victim system is Advanced Persistent Threats (APT)-attack. The APT attacker can achieve his hostile goals by obtaining information and gaining financial benefits regarding the infrastructure of a network. One of the solutions to detect a secret APT attack is using network traffic. Due to the nature of the APT attack in terms of being on the network for a long time and the fact that the network may crash because of high traffic, it is difficult to detect this type of attack. Hence, in this study, machine learning methods such as C5.0 decision tree, Bayesian network and deep neural network are used for timely detection and classification of APT-attacks on the NSL-KDD data set. Moreover, 10-fold cross validation method is used to experiment these models. As a result, the accuracy (ACC) of the C5.0 decision tree, Bayesian network and 6-layer deep learning models is obtained as 95.64%, 88.37% and 98.85%, respectively, and also, in terms of the important criterion of the false positive rate (FPR), the FPR value for the C5.0 decision tree, Bayesian network and 6-layer deep learning models is obtained as 2.56, 10.47 and 1.13, respectively. Other criterions such as sensitivity, specificity, accuracy, false negative rate and F-measure are also investigated for the models, and the experimental results show that the deep learning model with automatic multi-layered extraction of features has the best performance for timely detection of an APT-attack comparing to other classification models.

Subject Areas

APT-attack; detection and classification; feature extraction; machine learning; C5.0 decision tree; Bayesian network; deep learning

Comments (0)

We encourage comments and feedback from a broad range of readers. See criteria for comments and our diversity statement.

Leave a public comment
Send a private comment to the author(s)
Views 0
Downloads 0
Comments 0
Metrics 0


×
Alerts
Notify me about updates to this article or when a peer-reviewed version is published.
We use cookies on our website to ensure you get the best experience.
Read more about our cookies here.