NUST Institutional Repository

Machine Learning based Advanced Persistent Threats (APT) detection in Windows

dc.contributor.author Hassan, Madiha
dc.date.accessioned 2024-07-22T06:21:40Z
dc.date.available 2024-07-22T06:21:40Z
dc.date.issued 2024-07-22
dc.identifier.other 00000400918
dc.identifier.uri http://10.250.8.41:8080/xmlui/handle/123456789/44845
dc.description Supervised by Associate Prof Dr. Mian Muhammad Waseem Iqbal en_US
dc.description.abstract Advanced Persistent Threats (APTs) have become a significant and ongoing cyber security concern, as sophisticated threat actors use advanced ways to infiltrate and persist within targeted systems for long periods of time. Every APT attack goes through various stages before its completion, making it difficult for conventional signature-based techniques and rule-based intrusion detection systems to recognize these elusive threats. Machine learning (ML) techniques have been utilized in the recent past for the detection of APTs in Windows environments using network-based detection. Due to the limited information extracted from network data, less known features are used by ML algorithms for detection, and threats therefore evade security systems. Therefore, this research focuses on finding sophisticated new features that can aid in identifying the latest APTs in Windows environments. ML models such as Random Forest (RF), Convolutional Neural Network (CNN), Naïve Bayes (NB), Multi-Layer Perceptron (MLP) and Long Short-Term Memory (LSTM) with different encoding techniques (Frequency, Label, and Hot) are utilized for detection of Windows APTs. Results show that the MLP model using Label encoding accomplished the highest accuracy (95.45%) and F1 score (95.267%), highlighting the potential of neural networks in APT detection. These results validate the proposed model's efficiency, feature selection, and data pre-processing in building effective Windows-based security solutions. en_US
dc.language.iso en en_US
dc.publisher MCS en_US
dc.title Machine Learning based Advanced Persistent Threats (APT) detection in Windows en_US
dc.type Thesis en_US

