Systematic mapping of detection techniques for advanced persistent threats


Abstract

Among the most complex security issues faced by private companies and public entities are Advanced Persistent Threats. These threats use multiple techniques and processes to carry out an attack on a specific entity. The need to combat cyber-attacks has driven the evolution of the Intrusion Detection System, usually by using Machine Learning technology. However, detecting an Advanced Persistent Threat is a very complex process due to the nature of the attack. The aim of this article is to conduct a systematic review of the literature to establish which classification algorithms and datasets offer better results when detecting anomalous traffic that could be caused by an Advanced Persistent Threat attack. The results obtained reflect that the most used dataset is UNSW-NB15, while the algorithms that offer the best precision are K-Nearest Neighbours and Decision Trees. Moreover, the most used tool for applying Machine Learning techniques is WEKA.

Citation (APA)

Sobrín-Hidalgo, D., Campazas Vega, A., Guerrero Higueras, Á. M., Rodríguez Lera, F. J., & Fernández-Llamas, C. (2021). Systematic mapping of detection techniques for advanced persistent threats. In Advances in Intelligent Systems and Computing (Vol. 1267 AISC, pp. 426–435). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-57805-3_40
