Bibliographic Details
Main Authors: Benabderrahmane, Sidahmed; Hoang, Ngoc; Valtchev, Petko; Cheney, James; Rahwan, Talal
Format: Preprint
Published: 2024
Online Access: https://arxiv.org/abs/2406.19220
Abstract: Advanced Persistent Threats (APTs) are sophisticated, targeted cyberattacks designed to gain unauthorized access to systems and remain undetected for extended periods. To evade detection, APT cyberattacks deceive defense layers with breaches and exploits, thereby complicating exposure by traditional anomaly detection-based security methods. The challenge of detecting APTs with machine learning is compounded by the rarity of relevant datasets and the significant imbalance in the data, which makes the detection process highly burdensome. We present AE-APT, a deep learning-based tool for APT detection that features a family of AutoEncoder methods ranging from a basic one to a Transformer-based one. We evaluated our tool on a suite of provenance trace databases produced by the DARPA Transparent Computing program, where APT-like attacks constitute as little as 0.004% of the data. The datasets span multiple operating systems, including Android, Linux, BSD, and Windows, and cover two attack scenarios. The outcomes showed that AE-APT has significantly higher detection rates compared to its competitors, indicating superior performance in detecting and ranking anomalies.
Institution: arXiv
Title: Hack Me If You Can: Aggregating AutoEncoders for Countering Persistent Access Threats Within Highly Imbalanced Data
Topics: Cryptography and Security; Artificial Intelligence