Machine learning algorithm for advanced persistent threat detection
Date
2019-08
Authors
Omollo, Vincent
Abeka, Silvance
Journal Title
Journal ISSN
Volume Title
Publisher
Strathmore University
Abstract
Networked computer syster:ns are increasingly being employed to run critical infrastructural
activities by both private companies and governments. Advanced persistent threats have emerged
as serious security threats to these networks due to their level of sophistication and multiple attack
vectors. Conventional countermeasures against these network threats have been antivirus, antimalware,
firewalls, intrusion detection systems, intrusion prevention systems and sandboxing.
However, these techniques are ineffective against advanced persistent threats since the attackers
employ a number of evasion techniques such as code obfuscation and encryption. In addition,
these technologies are rarely monitored or updated, hence lulling end-user enterprises into a false
sense of security. The signature based scanning utilized in some of these technologies is unable
of detecting new and sophisticated malware. Sandboxes on their part, a number of malware
deploy sandbox detection techniques that help them detect when they are being analyzed and
evade the sandbox by hiding their malicious behavior. Due to these shortfalls, researchers have
proposed machine learning, deep neural networks, and data mining using misuse detection and
anomaly detection as possible threat detection strategies. Unfortunately, machine learning and
deep neural networks are susceptible to evasion attacks using adversarial examples that involve
small changes to the input data that cause misclassification at test time. Misuse detection is unable
to discover attacks whose instances have not yet been observed while anomaly detection can
generate false positives due to previously unseen and yet legitimate system behaviors being
recognized as anomalies, and hence flagged as potential intrusions. The aim of this paper will be
therefore to implement an enhanced algorithm for intrusion detection using machine learning to
curb the rising number of advanced persistent threats.
Description
Paper presented at the 5th Strathmore International Mathematics Conference (SIMC 2019), 12 - 16 August 2019, Strathmore University, Nairobi, Kenya
Keywords
Intrusion detection, Machine learning, Malware