Feasibility Approach Based on SecMonet Framework to Protect Networks from Advanced Persistent Threat Attacks

Abstract

Advanced Persistent Threat (APT) attacks principally steal data once the attacker gains unauthorized access to network resources. In this paper, we propose a detection and defense technique based on the SecMonet framework to avoid this sophisticated attack. SecMonet is a security framework that can gather events and flows, normalize them, create a valuable dataset, train a neural-network-based classifier, and detect and defend against APT attacks. In this regard, log data from logging servers or firewalls has been considered by SecMonet. In addition, a ranking criterion for detected suspicious activities has also been considered by the classifier to detect APT attacks. The proposed method has been evaluated on a local simulated network and in a real network scenario. The results show that the proposed technique can significantly detect APT attacks.

Cite

Salem, M., & Mohammed, M. (2019). Feasibility Approach Based on SecMonet Framework to Protect Networks from Advanced Persistent Threat Attacks. In Lecture Notes on Data Engineering and Communications Technologies (Vol. 29, pp. 333–343). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-12839-5_30
