A cyber kill chain approach for detecting advanced persistent threats
The number of cybersecurity incidents is on the rise despite significant investment in security measures. The existing conventional security approaches have demonstrated limited success against some of the more complex cyber-attacks. This is primarily due to the sophistication of the attacks and the availability of powerful tools. Interconnected devices such as the Internet of Things (IoT) are also increasing attack exposures due to the increase in vulnerabilities. Over the last few years, we have seen a trend moving towards embracing edge technologies to harness the power of IoT devices and 5G networks. Edge technology brings processing power closer to the network and brings many advantages, including reduced latency, while it can also introduce vulnerabilities that could be exploited. Smart cities are also dependent on technologies where everything is interconnected. This interconnectivity makes them highly vulnerable to cyber-attacks, especially by the Advanced Persistent Threat (APT), as these vulnerabilities are amplified by the need to integrate new technologies with legacy systems. Cybercriminals behind APT attacks have recently been targeting the IoT ecosystems, prevalent in many of these cities. In this paper, we used a publicly available dataset on Advanced Persistent Threats (APT) and developed a data-driven approach for detecting APT stages using the Cyber Kill Chain. APTs are highly sophisticated and targeted forms of attacks that can evade intrusion detection systems, resulting in one of the greatest current challenges facing security professionals. In this experiment, we used multiple machine learning classifiers, such as Naïve Bayes, Bayes Net, KNN, Random Forest and Support Vector Machine (SVM). We used Weka performance metrics to show the numeric results. The best performance result of 91.1% was obtained with the Naïve Bayes classifier. We hope our proposed solution will help security professionals to deal with APTs in a timely and effective manner.
| Main Authors: | Ahmed, Yussuf; Asyhari, A. Taufiq; Rahman, Md. Arafatur |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Tech Science Press, 2021 |
| Subjects: | HV Social pathology. Social and public welfare; QA76 Computer software; TK Electrical engineering. Electronics. Nuclear engineering |
| Online Access: | http://umpir.ump.edu.my/id/eprint/31811/ http://umpir.ump.edu.my/id/eprint/31811/1/A%20cyber%20kill%20chain%20approach%20for%20detecting%20advanced%20persistent%20threats.pdf |
| _version_ | 1848823862865690624 |
|---|---|
| author | Ahmed, Yussuf; Asyhari, A.Taufiq; Rahman, Md. Arafatur |
| building | UMP Institutional Repository |
| collection | Online Access |
| description | The number of cybersecurity incidents is on the rise despite significant investment in security measures. The existing conventional security approaches have demonstrated limited success against some of the more complex cyber-attacks. This is primarily due to the sophistication of the attacks and the availability of powerful tools. Interconnected devices such as the Internet of Things (IoT) are also increasing attack exposures due to the increase in vulnerabilities. Over the last few years, we have seen a trend moving towards embracing edge technologies to harness the power of IoT devices and 5G networks. Edge technology brings processing power closer to the network and brings many advantages, including reduced latency, while it can also introduce vulnerabilities that could be exploited. Smart cities are also dependent on technologies where everything is interconnected. This interconnectivity makes them highly vulnerable to cyber-attacks, especially by the Advanced Persistent Threat (APT), as these vulnerabilities are amplified by the need to integrate new technologies with legacy systems. Cybercriminals behind APT attacks have recently been targeting the IoT ecosystems, prevalent in many of these cities. In this paper, we used a publicly available dataset on Advanced Persistent Threats (APT) and developed a data-driven approach for detecting APT stages using the Cyber Kill Chain. APTs are highly sophisticated and targeted forms of attacks that can evade intrusion detection systems, resulting in one of the greatest current challenges facing security professionals. In this experiment, we used multiple machine learning classifiers, such as Naïve Bayes, Bayes Net, KNN, Random Forest and Support Vector Machine (SVM). We used Weka performance metrics to show the numeric results. The best performance result of 91.1% was obtained with the Naïve Bayes classifier. We hope our proposed solution will help security professionals to deal with APTs in a timely and effective manner. |
| first_indexed | 2025-11-15T03:03:53Z |
| format | Article |
| id | ump-31811 |
| institution | Universiti Malaysia Pahang |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-15T03:03:53Z |
| publishDate | 2021 |
| publisher | Tech Science Press |
| recordtype | eprints |
| repository_type | Digital Repository |
| citation | Ahmed, Yussuf and Asyhari, A.Taufiq and Rahman, Md. Arafatur (2021) A cyber kill chain approach for detecting advanced persistent threats. Computers, Materials and Continua, 67 (2). 2497-2513. ISSN 1546-2218. Published 2021-02-05 by Tech Science Press; peer reviewed; PDF; English; licence cc_by_4. https://doi.org/10.32604/cmc.2021.014223 |
| topic | HV Social pathology. Social and public welfare QA76 Computer software TK Electrical engineering. Electronics Nuclear engineering |