Advanced Persistent Threat Attack Detection using Clustering Algorithms

Abstract

Advanced Persistent Threat (APT) attack has become one of the most complex attacks. It targets sensitive information. Many cybersecurity systems have been developed to detect the APT attack from network data traffic and request. However, they still need to be improved to identify this attack effectively due to its complexity and slow move. It gets access to the organizations either from an active directory or by gaining remote access, or even by targeting the Domain Name Server (DNS). Nowadays, many machine learning (ML) techniques have been implemented to detect APT attack by using the tools in the market. However, still, there are some limitations in terms of accuracy, efficiency, and effectiveness, especially the lack of labeled data to train ML methods. This paper proposes a framework to detect APT attacks using the most applicable clustering algorithms, such as the APRIORI, K-means, and Hunt’s algorithm. To evaluate and compare the performance of the proposed framework, several experiments are conducted on a public dataset. The experimental results showed that the Support Vector Machine with Radial Basis Function (SVM-RBF) achieves the highest accuracy rate, reaching about 99.2%. This accurate result confirms the effectiveness of the developed framework for detecting attacks from network data traffic.