A cyber kill chain approach for detecting advanced persistent threats

Ahmed, Yussuf and Asyhari, A.Taufiq and Rahman, Md. Arafatur (2021) A cyber kill chain approach for detecting advanced persistent threats. Computers, Materials and Continua, 67 (2). 2497 -2513. ISSN 1546-2218. (Published)

Pdf (Open access)
A cyber kill chain approach for detecting advanced persistent threats.pdf
Available under License Creative Commons Attribution.

Download (779kB) | Preview


The number of cybersecurity incidents is on the rise despite significant investment in security measures. The existing conventional security approaches have demonstrated limited success against some of the more complex cyber-attacks. This is primarily due to the sophistication of the attacks and the availability of powerful tools. Interconnected devices such as the Internet of Things (IoT) are also increasing attack exposures due to the increase in vulnerabilities. Over the last few years, we have seen a trend moving towards embracing edge technologies to harness the power of IoT devices and 5G networks. Edge technology brings processing power closer to the network and brings many advantages, including reduced latency, while it can also introduce vulnerabilities that could be exploited. Smart cities are also dependent on technologies where everything is interconnected. This interconnectivity makes them highly vulnerable to cyber-attacks, especially by the Advanced Persistent Threat (APT), as these vulnerabilities are amplified by the need to integrate new technologies with legacy systems. Cybercriminals behind APT attacks have recently been targeting the IoT ecosystems, prevalent in many of these cities. In this paper, we used a publicly available dataset on Advanced Persistent Threats (APT) and developed a data-driven approach for detecting APT stages using the Cyber Kill Chain. APTs are highly sophisticated and targeted forms of attacks that can evade intrusion detection systems, resulting in one of the greatest current challenges facing security professionals. In this experiment, we used multiple machine learning classifiers, such as Naïve Bayes, Bayes Net, KNN, Random Forest and Support Vector Machine (SVM). We used Weka performance metrics to show the numeric results. The best performance result of 91.1% was obtained with the Naïve Bayes classifier. We hope our proposed solution will help security professionals to deal with APTs in a timely and effective manner.

Item Type: Article
Additional Information: Indexed by Scopus
Uncontrolled Keywords: Advanced persistent threat; APT; Cyber Kill Chain; Data breach; Intrusion detection; Cyber-attack; Attack prediction; Data-driven security and machine learning
Subjects: H Social Sciences > HV Social pathology. Social and public welfare
Q Science > QA Mathematics > QA76 Computer software
T Technology > TK Electrical engineering. Electronics Nuclear engineering
Faculty/Division: Faculty of Computing
Depositing User: Mrs Norsaini Abdul Samat
Date Deposited: 20 Aug 2021 15:21
Last Modified: 20 Aug 2021 15:21
URI: http://umpir.ump.edu.my/id/eprint/31811
Download Statistic: View Download Statistics

Actions (login required)

View Item View Item