RESEARCH PRODUCT
A Novel Deep Learning Stack for APT Detection
Authors: Tero Bodström, Timo Hämäläinen

Subject: Advanced Persistent Threat (APT); Deep Learning (DL); network anomaly detection; flow network; raw data; process (engineering); distributed computing; computer science; artificial intelligence; stack (abstract data type); information security (tietoturva); machine learning (koneoppiminen); network attacks (verkkohyökkäykset)

Description:
We present a novel Deep Learning (DL) stack for detecting Advanced Persistent Threat (APT) attacks. The model is based on a theoretical approach in which an APT is treated as a multi-vector, multi-stage attack carried out as a continuous strategic campaign. To capture such attacks, the entire network flow, and in particular the raw data, must be used as input to the detection process. By combining different types of tailored DL methods, it is possible to capture specific kinds of anomalies and behaviour. Our method essentially breaks a large problem down into smaller tasks, attempts to solve these sequentially, and finally returns a conclusive result. This concept paper outlines the problems involved in each task and possible solutions to them. Additionally, we describe how we will develop, implement and test the method in the near future.
year | journal | country | edition | language
---|---|---|---|---
2019-03-13 | | | |