Developing Apt Attacks Detection System Based on Correlation Analysis Methods
Cho Do Xuan1, Tisenko Victor Nikolaevich2, Do Hoang Long3, Nguyen Vuong Tuan Hiep4, Le Quang Sang5
1Cho Do Xuan*, FPT University Hanoi, Vietnam.
2Tisenko Victor Nikolaevich, Peter the Great St. Petersburg Polytechnic University Russia, St. Petersburg, Poly Technicheskaya.
3Do Hoang Long, FPT University Hanoi, Vietnam.
4Nguyen Vuong Tuan Hiep, FPT University Hanoi, Vietnam.
5Le Quang Sang, FPT University Hanoi, Vietnam.
Manuscript received on February 10, 2020. | Revised Manuscript received on February 21, 2020. | Manuscript published on March 10, 2020. | PP: 419-424 | Volume-9 Issue-5, March 2020. | Retrieval Number: E2318039520/2020©BEIESP | DOI: 10.35940/ijitee.E2318.039520
Open Access | Ethics and Policies | Cite | Mendeley
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Advanced Persistent Threat (APT) is an exceptionally perilous attack with a specific target and purpose. It consists of various complex and devious techniques in order to be able to obtain a highly secured trade secret, sensitive information. Currently, the APT attack is tremendously difficult to deal with because of its unique design for each target, which makes prior experiences and rules less accurate in detecting APT attacks. In addition, the APT detection method also must not rely on any single procedures or solutions but to include several phases and technologies. On the other hand, correlation analysis technique is a mathematic one which figures how separate elements affect each other and produces conclusion based on multiple factors mutual properties. Hence, in this report, correlation analysis technique is proposed by the authors.
Keywords: Information Security, APT, Unknown Domain, Attack Detection, DNS log, Network Traffic, Correlation Analysis, Abnormal Behavior, Machine Learning.
Scope of the Article: Machine Learning.