Ensemble classifiers for detection of advanced persistent threats

Okwara Jerry Chizoba 1, * and Buba Abba Kyari 2

1 Information and Communication Technology Unit, Centre for Entrepreneurship Development and Vocational Studies, The Federal Polytechnic Ado-Ekiti.
2 Faculty of Social and Management Science, Dept. of Business Administration, Yobe State University.
 
Research Article
Global Journal of Engineering and Technology Advances, 2020, 02(02), 001-010.
Article DOI: 10.30574/gjeta.2020.2.2.0007
Publication history: 
Received on 01 February 2020; revised on 05 February 2020; accepted on 07 February 2020
 
Abstract: 
The demand for technology in almost every area of life is on the increase, driven by paradigm shifts such as the fourth industrial revolution (Industry 4.0), the IoT/IoE (Internet of Things/Internet of Everything) concept, Internet 2.0, Artificial Intelligence (AI) and BYOD (Bring Your Own Device), to mention a few. These come with increased inherent vulnerabilities and exposure to sophisticated, dynamic threats. Advanced Persistent Threats (APTs), among other malware, are malicious attacks receiving serious attention because their complexity causes defender solutions to detect them poorly. A poor understanding of APT attack tactics, insufficient analysis of network traffic logs and poor classification are some of the problems identified as causes of poor detection of these attacks. Researchers use network traffic logs to analyze the network and track attacks as packets move across network nodes. This research studies attack modelling in order to understand APT attack tactics, generates an APT dataset through simulation, and collects a real dataset of normal operation. The experiment is simulated in a virtual environment, applying a dimensionality reduction technique to the network traffic log for improved log processing. To improve APT detection accuracy, which is undermined by the stealthiness of these attacks, an ensemble of classifiers (Support Vector Machine, Random Forest, Decision Tree) combined by majority voting is used for attack classification, which yields an improved detection accuracy of 90.47%.
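The majority-voting ensemble described above can be illustrated with a small, self-contained example. The code below is an added illustration, not the authors' implementation: the per-classifier predictions for SVM, Random Forest and Decision Tree over ten labelled traffic-log records are constructed by hand, the function names (`majority_vote`, `ensemble_predict`, `accuracy`, `run_example`) are the example's own, and the "alert-first" tie-break that prefers the `apt` label is a design assumption, not a choice the paper reports.

```python
from collections import Counter
from typing import Dict, Hashable, List, Optional, Sequence


def majority_vote(votes: Sequence[Hashable],
                  tiebreak_order: Optional[Sequence[Hashable]] = None) -> Hashable:
    """Return the label with the most votes.

    With three binary classifiers a tie cannot occur, but with an even number
    of voters or more than two classes it can. Ties are resolved by
    tiebreak_order (first listed label wins); without one, the tied label that
    was cast first wins, so the result is deterministic either way.
    """
    counts = Counter(votes)
    top = max(counts.values())
    winners = [label for label, c in counts.items() if c == top]
    if len(winners) == 1:
        return winners[0]
    if tiebreak_order is not None:
        for label in tiebreak_order:
            if label in winners:
                return label
    for v in votes:
        if v in winners:
            return v
    raise ValueError("no votes cast")


def ensemble_predict(per_model_preds: Dict[str, List[Hashable]],
                     tiebreak_order: Optional[Sequence[Hashable]] = None) -> List[Hashable]:
    """Combine per-model prediction lists (one entry per record) by majority vote."""
    lengths = {len(p) for p in per_model_preds.values()}
    if len(lengths) != 1:
        raise ValueError("all models must predict on the same records")
    n = lengths.pop()
    return [majority_vote([preds[i] for preds in per_model_preds.values()], tiebreak_order)
            for i in range(n)]


def accuracy(pred: Sequence[Hashable], truth: Sequence[Hashable]) -> float:
    """Fraction of records where the prediction matches the ground-truth label."""
    return sum(p == t for p, t in zip(pred, truth)) / len(truth)


# Constructed ground truth for ten traffic-log records (not data from the paper).
TRUTH = ["apt", "normal", "apt", "normal", "apt",
         "apt", "normal", "normal", "apt", "normal"]

# Constructed per-classifier outputs. Each base model is wrong on a few
# records, but the three models mostly fail on different records, which is
# exactly the situation in which majority voting helps.
PREDICTIONS = {
    "svm": ["apt", "apt", "apt", "normal", "normal",
            "apt", "normal", "normal", "apt", "normal"],      # wrong on 1, 4
    "random_forest": ["apt", "normal", "apt", "apt", "apt",
                      "apt", "normal", "normal", "apt", "apt"],  # wrong on 3, 9
    "decision_tree": ["normal", "normal", "apt", "normal", "apt",
                      "normal", "normal", "normal", "apt", "apt"],  # wrong on 0, 5, 9
}

# Assumed tie-break policy: when votes tie, alert rather than stay silent.
ALERT_FIRST = ["apt", "normal"]


def run_example() -> Dict[str, float]:
    """Accuracy of each base classifier and of the majority-vote ensemble."""
    result = {name: accuracy(preds, TRUTH) for name, preds in PREDICTIONS.items()}
    result["ensemble"] = accuracy(ensemble_predict(PREDICTIONS, ALERT_FIRST), TRUTH)
    return result


if __name__ == "__main__":
    for name, acc in run_example().items():
        print(f"{name:14s} accuracy = {acc:.2f}")
```

On the constructed data the ensemble is wrong only on record 9, where two of the three base models agree on the wrong label; this is the limit of majority voting, which cannot recover from correlated errors, so base classifiers that fail on the same records add little.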
 
Keywords: 
Artificial Intelligence; Ensemble; Dimensionality reduction; Network traffic
 