A Novel Machine Learning Model for Early Detection of Advanced Persistent Threats Utilizing Semi-Synthetic Network Traffic Data
Keywords: APTGuard, Advanced Persistent Threats, APTs, Machine learning, LSTM, SVM, KNN, LR

Abstract
Advanced Persistent Threats (APTs) are not merely a buzzword: these highly sophisticated and stealthy cyber threats are characterized by their ability to infiltrate target systems and operate within them persistently for extended periods, often remaining undetected until significant damage has been done. APTs have emerged as a formidable adversary that frequently attacks critical infrastructure, government entities, and private businesses. This paper examines APTs, shedding light on their characteristics and strategies. The proposed model, APTGuard, offers a practical way to detect and counter this menace, using a semi-synthetic dataset of 6.8 million processed network flows for training and testing. The methodology comprises four phases: data collection, feature selection, data pre-processing, and application of machine learning algorithms. Four algorithms are applied and their results compared: long short-term memory (LSTM), logistic regression (LR), support vector machine (SVM), and k-nearest neighbours (KNN). The paper shows that APTGuard achieves a notable accuracy of 99.89 % using 83 features, and thereby contributes an effective method for detecting and resisting hidden, malicious APTs.
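The four-phase pipeline the abstract describes (collect flows, select features, pre-process, train and compare classifiers on a held-out split) can be made concrete in a small, self-contained script. The following is an added illustration written for this page, not the paper's APTGuard code or its dataset: the flow records are constructed in the script with labelled benign and beacon-like classes, the five feature names are assumptions, and only two of the paper's four algorithms (KNN and logistic regression) are implemented, in pure Python, so that it runs without a machine-learning framework; the LSTM and SVM are left out. The point it adds is the ordering that keeps the accuracy number honest: scaling statistics and the variance-based feature ranking are fitted on the training portion only, so nothing from the test flows leaks into the model.

```python
import math
import random

# Assumed per-flow features, in the style a flow exporter would emit (not the paper's 83).
FEATURE_NAMES = ["duration_s", "bytes_out", "bytes_in", "packets", "iat_jitter_s"]


def make_flows(n_per_class=150, seed=7):
    """Phase 1 stand-in: constructed labelled flows. label 1 = beacon-like, 0 = benign."""
    rng = random.Random(seed)
    rows, labels = [], []
    for _ in range(n_per_class):
        # Benign traffic: bursty, large transfers, irregular inter-arrival times.
        rows.append([rng.uniform(0.1, 120.0), rng.uniform(500, 50000),
                     rng.uniform(1000, 200000), rng.uniform(5, 2000), rng.uniform(0.5, 5.0)])
        labels.append(0)
        # Beacon-like command-and-control traffic: small, short, very regular.
        rows.append([rng.uniform(0.05, 2.0), rng.uniform(100, 400),
                     rng.uniform(100, 600), rng.uniform(2, 10), rng.uniform(0.0, 0.1)])
        labels.append(1)
    return rows, labels


def log_transform(rows):
    """Byte and packet counts are heavy-tailed; log1p compresses them before scaling."""
    return [[math.log1p(v) for v in r] for r in rows]


def minmax_fit(rows):
    """Per-feature (min, max) learned from the training rows only."""
    return [(min(c), max(c)) for c in zip(*rows)]


def minmax_apply(rows, stats):
    return [[(v - lo) / (hi - lo) if hi > lo else 0.0
             for v, (lo, hi) in zip(r, stats)] for r in rows]


def select_by_variance(rows, k):
    """Phase 2: keep the k feature indices with the largest variance (a simple filter method)."""
    def var(c):
        m = sum(c) / len(c)
        return sum((x - m) ** 2 for x in c) / len(c)
    cols = list(zip(*rows))
    ranked = sorted(range(len(cols)), key=lambda i: var(cols[i]), reverse=True)
    return sorted(ranked[:k])


def project(rows, idx):
    return [[r[i] for i in idx] for r in rows]


def knn_predict(train_x, train_y, x, k=5):
    """Majority vote among the k nearest training flows (squared Euclidean distance)."""
    dists = sorted((sum((a - b) ** 2 for a, b in zip(t, x)), y) for t, y in zip(train_x, train_y))
    votes = sum(y for _, y in dists[:k])
    return 1 if 2 * votes > k else 0


def lr_train(train_x, train_y, epochs=500, lr=0.5):
    """Logistic regression fitted by batch gradient descent on the log-loss."""
    n, m = len(train_x[0]), len(train_x)
    w, b = [0.0] * n, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * n, 0.0
        for x, y in zip(train_x, train_y):
            p = 1.0 / (1.0 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))
            err = p - y
            for i in range(n):
                gw[i] += err * x[i]
            gb += err
        w = [wi - lr * g / m for wi, g in zip(w, gw)]
        b -= lr * gb / m
    return w, b


def lr_predict(model, x):
    w, b = model
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b >= 0 else 0


def run_experiment(n_features=3, seed=7):
    """Split first, then fit every pre-processing step on the training part only."""
    rows, labels = make_flows(seed=seed)
    idx = list(range(len(rows)))
    random.Random(seed).shuffle(idx)
    cut = int(0.7 * len(idx))
    train_x = [rows[i] for i in idx[:cut]]
    train_y = [labels[i] for i in idx[:cut]]
    test_x = [rows[i] for i in idx[cut:]]
    test_y = [labels[i] for i in idx[cut:]]
    stats = minmax_fit(log_transform(train_x))              # phase 3, no test leakage
    train_s = minmax_apply(log_transform(train_x), stats)
    test_s = minmax_apply(log_transform(test_x), stats)
    keep = select_by_variance(train_s, n_features)          # phase 2, on training data
    train_s, test_s = project(train_s, keep), project(test_s, keep)
    model = lr_train(train_s, train_y)                      # phase 4
    acc = lambda preds: sum(p == y for p, y in zip(preds, test_y)) / len(test_y)
    return {"features": [FEATURE_NAMES[i] for i in keep],
            "knn": acc([knn_predict(train_s, train_y, x) for x in test_s]),
            "lr": acc([lr_predict(model, x) for x in test_s])}


if __name__ == "__main__":
    print(run_experiment())
```

The constructed classes are deliberately easy to separate, so both classifiers score highly here; on real or semi-synthetic flow data the interesting comparison is how each algorithm degrades as the beaconing is made to look more like ordinary traffic, and that comparison is only meaningful if the split-then-fit order above is kept.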