A Novel Method for Detecting Advanced Persistent Threat Attack Based on Belief Rule Base
Advanced persistent threat (APT) is a special attack method, which is usually initiated by hacker groups to steal data or destroy systems for large enterprises and even countries. APT has a long-term and multi-stage characteristic, which makes it difficult for traditional detection methods to effect...
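| Main authors: | Guozhu Wang, Yiwen Cui, Jie Wang, Lihua Wu, Guanyu Hu |
|---|---|
| Format: | article |
| Language: | EN |
| Published: | MDPI AG, 2021 |
| Subjects: | advanced persistent threat; belief rule base; attack detection; network security; Technology; Engineering (General). Civil engineering (General); Biology (General); Physics; Chemistry |
| Online access: | https://doaj.org/article/6dedf2bd17224c4cbaf58478fe60f328 |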
id |
oai:doaj.org-article:6dedf2bd17224c4cbaf58478fe60f328 |
---|---|
record_format |
dspace |
spelling |
oai:doaj.org-article:6dedf2bd17224c4cbaf58478fe60f328; 2021-11-11T15:00:11Z; A Novel Method for Detecting Advanced Persistent Threat Attack Based on Belief Rule Base; 10.3390/app11219899; 2076-3417; https://doaj.org/article/6dedf2bd17224c4cbaf58478fe60f328; 2021-10-01T00:00:00Z; https://www.mdpi.com/2076-3417/11/21/9899; https://doaj.org/toc/2076-3417; Advanced persistent threat (APT) is a special attack method, which is usually initiated by hacker groups to steal data or destroy systems for large enterprises and even countries. APT has a long-term and multi-stage characteristic, which makes it difficult for traditional detection methods to effectively identify. To detect APT attacks requires solving some problems: how to deal with various uncertain information during APT attack detection, how to fully train the APT detection model with small attack samples, and how to obtain the interpretable detection results for subsequent APT attack forensics. Traditional detection methods cannot effectively utilize multiple uncertain information with small samples. Meanwhile, most detection models are black box and lack a transparent calculation process, which makes it impossible for managers to analyze the reliability and evidence of the results. To solve these problems, a novel detection method based on belief rule base (BRB) is proposed in this paper, where expert knowledge and small samples are both utilized to obtain interpretable detection results. A case study with numerical simulation is established to prove the effectiveness and practicality of the proposed method.; Guozhu Wang; Yiwen Cui; Jie Wang; Lihua Wu; Guanyu Hu; MDPI AG; article; advanced persistent threat; belief rule base; attack detection; network security; Technology; T; Engineering (General). Civil engineering (General); TA1-2040; Biology (General); QH301-705.5; Physics; QC1-999; Chemistry; QD1-999; EN; Applied Sciences, Vol 11, Iss 9899, p 9899 (2021) |
institution |
DOAJ |
collection |
DOAJ |
language |
EN |
topic |
advanced persistent threat; belief rule base; attack detection; network security; Technology; T; Engineering (General). Civil engineering (General); TA1-2040; Biology (General); QH301-705.5; Physics; QC1-999; Chemistry; QD1-999 |
description |
Advanced persistent threat (APT) is a special attack method, which is usually initiated by hacker groups to steal data or destroy systems for large enterprises and even countries. APT has a long-term and multi-stage characteristic, which makes it difficult for traditional detection methods to effectively identify. To detect APT attacks requires solving some problems: how to deal with various uncertain information during APT attack detection, how to fully train the APT detection model with small attack samples, and how to obtain the interpretable detection results for subsequent APT attack forensics. Traditional detection methods cannot effectively utilize multiple uncertain information with small samples. Meanwhile, most detection models are black box and lack a transparent calculation process, which makes it impossible for managers to analyze the reliability and evidence of the results. To solve these problems, a novel detection method based on belief rule base (BRB) is proposed in this paper, where expert knowledge and small samples are both utilized to obtain interpretable detection results. A case study with numerical simulation is established to prove the effectiveness and practicality of the proposed method. |
format |
article |
author |
Guozhu Wang, Yiwen Cui, Jie Wang, Lihua Wu, Guanyu Hu |
title |
A Novel Method for Detecting Advanced Persistent Threat Attack Based on Belief Rule Base |
publisher |
MDPI AG |
publishDate |
2021 |
url |
https://doaj.org/article/6dedf2bd17224c4cbaf58478fe60f328 |