A Novel Method for Detecting Advanced Persistent Threat Attack Based on Belief Rule Base

Bibliographic Details
Published in: Applied Sciences, Vol. 11, No. 21, p. 9899
Main Authors: Wang, Guozhu; Cui, Yiwen; Wang, Jie; Wu, Lihua; Hu, Guanyu
Format: Journal Article
Language: English
Published: Basel, MDPI AG, 01.11.2021
Summary: Advanced persistent threat (APT) is a special attack method, usually initiated by hacker groups to steal data from or destroy the systems of large enterprises and even countries. APT has a long-term, multi-stage character, which makes it difficult for traditional detection methods to identify effectively. Detecting APT attacks requires solving several problems: how to deal with the various uncertain information that arises during APT attack detection, how to fully train the APT detection model with small attack samples, and how to obtain interpretable detection results for subsequent APT attack forensics. Traditional detection methods cannot effectively utilize multiple uncertain information sources with small samples. Meanwhile, most detection models are black boxes and lack a transparent calculation process, which makes it impossible for managers to analyze the reliability and evidence of the results. To solve these problems, a novel detection method based on belief rule base (BRB) is proposed in this paper, in which expert knowledge and small samples are both utilized to obtain interpretable detection results. A case study with numerical simulation is established to prove the effectiveness and practicality of the proposed method.
ISSN: 2076-3417
DOI: 10.3390/app11219899