    • Strathmore International Mathematics Conference
    • SIMC 2019

    Machine learning algorithm for advanced persistent threat detection

    Abstract - SIMC Conference paper, 2019 (89.15Kb)
    Date
    2019-08
    Author
    Omollo, Vincent
    Abeka, Silvance
    Abstract
    Networked computer systems are increasingly being employed to run critical infrastructure activities by both private companies and governments. Advanced persistent threats have emerged as serious security threats to these networks due to their level of sophistication and multiple attack vectors. Conventional countermeasures against these network threats have been antivirus, antimalware, firewalls, intrusion detection systems, intrusion prevention systems and sandboxing. However, these techniques are ineffective against advanced persistent threats since the attackers employ a number of evasion techniques such as code obfuscation and encryption. In addition, these technologies are rarely monitored or updated, hence lulling end-user enterprises into a false sense of security. The signature-based scanning utilized in some of these technologies is unable to detect new and sophisticated malware. As for sandboxes, much malware deploys sandbox-detection techniques that help it recognize when it is being analyzed, and evades the sandbox by hiding its malicious behavior. Due to these shortfalls, researchers have proposed machine learning, deep neural networks, and data mining using misuse detection and anomaly detection as possible threat detection strategies. Unfortunately, machine learning and deep neural networks are susceptible to evasion attacks using adversarial examples: small changes to the input data that cause misclassification at test time. Misuse detection is unable to discover attacks whose instances have not yet been observed, while anomaly detection can generate false positives when previously unseen but legitimate system behaviors are recognized as anomalies and hence flagged as potential intrusions. The aim of this paper is therefore to implement an enhanced algorithm for intrusion detection using machine learning to curb the rising number of advanced persistent threats.
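    The three failure modes the abstract names (signature/misuse detection missing unseen variants, anomaly detection flagging novel-but-legitimate behavior, and an ML classifier being evaded by a small input perturbation) can be reproduced on a toy detector. The following is an added illustration written for this page, not code from the paper or its authors; the flow features, the known-bad signature set, the anomaly threshold and every sample value are constructed assumptions, and the evasion is the standard gradient-sign step against a two-feature logistic regression, not the authors' enhanced algorithm.

```python
"""Toy reproduction of the detector weaknesses listed in the abstract (added example).

Every value here is constructed for illustration. Each host is summarised by two
features normalised to [0, 1]: (bytes out per minute, distinct destination ports).
"""
import math

# Constructed training data; label 0 = benign, 1 = malicious (beaconing + scanning).
BENIGN = [(0.10, 0.10), (0.20, 0.15), (0.15, 0.05), (0.30, 0.20), (0.25, 0.10)]
MALICIOUS = [(0.80, 0.90), (0.70, 0.85), (0.90, 0.95), (0.85, 0.70), (0.75, 0.80)]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train_logreg(benign, malicious, epochs=5000, lr=0.5):
    """Batch gradient descent for a two-feature logistic-regression detector."""
    data = [(x, 0.0) for x in benign] + [(x, 1.0) for x in malicious]
    w, b = [0.0, 0.0], 0.0
    n = len(data)
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for (x1, x2), y in data:
            err = sigmoid(w[0] * x1 + w[1] * x2 + b) - y
            gw[0] += err * x1
            gw[1] += err * x2
            gb += err
        w[0] -= lr * gw[0] / n
        w[1] -= lr * gw[1] / n
        b -= lr * gb / n
    return w, b


def predict(model, x):
    """Probability that the host is malicious."""
    w, b = model
    return sigmoid(w[0] * x[0] + w[1] * x[1] + b)


def min_linf_perturbation(model, x):
    """Smallest per-feature (L-infinity) change that reaches the decision boundary.

    For a linear score w.x + b this is exactly |w.x + b| / ||w||_1, so the attacker
    can compute how small the 'small change' from the abstract needs to be.
    """
    w, b = model
    return abs(w[0] * x[0] + w[1] * x[1] + b) / (abs(w[0]) + abs(w[1]))


def evade(model, x, eps):
    """FGSM-style adversarial example: move each feature by eps against the sign of
    the gradient of the malicious score (for a logistic model, the sign of its weight).
    Features are clipped back into the valid [0, 1] range."""
    w, _ = model
    sign = lambda v: (v > 0) - (v < 0)
    return tuple(min(1.0, max(0.0, xi - eps * sign(wi))) for xi, wi in zip(x, w))


# Misuse (signature) detection: exact match against previously observed attack profiles.
KNOWN_BAD = {(0.80, 0.90), (0.70, 0.85)}  # constructed signature set


def misuse_detect(x, signatures=KNOWN_BAD):
    return x in signatures


# Anomaly detection: anything far from the benign centroid is flagged.
def benign_centroid(benign):
    n = len(benign)
    return (sum(x[0] for x in benign) / n, sum(x[1] for x in benign) / n)


def anomaly_detect(x, centroid, threshold=0.3):
    return math.dist(x, centroid) > threshold


def run_demo():
    """Returns the outcomes a practitioner would check; see the assertions in prose."""
    model = train_logreg(BENIGN, MALICIOUS)
    attack = (0.75, 0.80)                       # a real attack profile
    eps = min_linf_perturbation(model, attack)  # how much to shave off each feature
    adv = evade(model, attack, eps * 1.01)      # just past the boundary
    centroid = benign_centroid(BENIGN)
    return {
        "attack_score": predict(model, attack),
        "evasion_eps": eps,
        "adversarial_score": predict(model, adv),
        "signature_hits_unseen_variant": misuse_detect((0.90, 0.95)),  # not in KNOWN_BAD
        "anomaly_flags_backup_job": anomaly_detect((0.90, 0.05), centroid),  # legit bulk upload
        "anomaly_flags_attack": anomaly_detect((0.80, 0.90), centroid),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Running it shows the attack profile scored as malicious, then classified benign after each feature is reduced by the computed epsilon (well under the distance to any benign training point); the unseen variant (0.90, 0.95) is never matched by the signature set; and the constructed "nightly backup" host (0.90, 0.05), which is legitimate, is flagged by the anomaly rule alongside the real attack, which is the false-positive mechanism the abstract describes.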
    URI
    http://hdl.handle.net/11071/11861
    Collections
    • SIMC 2019 [99]

    DSpace software copyright © 2002-2016  DuraSpace
    Contact Us | Send Feedback
    Theme by 
    Atmire NV