Advanced Persistent Threat Stage Prediction

Bibliographic Details
Main Author: Pires, João Pedro Marinho
Publication Date: 2023
Format: Master thesis
Language: eng
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Download full: http://hdl.handle.net/10400.26/54491
Summary: Advanced Persistent Threats (APTs) have become one of the primary challenges in cyber defense. Characterized by sophisticated and prolonged attacks, these threats infiltrate networks aiming to steal sensitive data, often remaining undetected for extended periods. This evolution in attack tactics underscores the urgent need for improvements in defense strategies and threat detection. Within the scope of this thesis, a framework named Advanced Persistent Threat Stage Prediction (APTSP) was developed. APTSP is capable of predicting, based on identified threats, the current stage of the attack as well as the most likely subsequent stage. It also provides insights into the most probable perpetrating APT group, considering known APTs. To achieve this, APTSP takes network data classified by an Intrusion Detection System (IDS) and applies a Markov model to determine the probabilities of the APT stages. It also uses a machine learning model to identify the agent potentially responsible for the attack. APTSP was experimentally evaluated on a public dataset, comparing its results with different solutions. APTSP outperformed previous approaches in all the metrics used.
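The Markov-model step the summary describes, shown as an added illustration that is not code from the thesis: a first-order transition matrix is estimated from labelled stage sequences, a window of IDS alert classes is mapped to the current stage, and the most probable next stage is read off the matrix. The stage names, the alert-class-to-stage mapping and the training sequences below are constructed for the example and are not the thesis's own stages, dataset or attribution model.

```python
"""First-order Markov chain over attack stages, fed by IDS alert classes.

Added illustration only; stage labels, alert mapping and training
sequences are constructed and do not come from the thesis.
"""
from collections import Counter

# Assumed stage labels (illustrative; the thesis defines its own).
STAGES = ["recon", "initial_access", "lateral_movement", "exfiltration"]

# Assumed mapping from IDS alert classes to stages (constructed).
ALERT_TO_STAGE = {
    "port_scan": "recon",
    "dns_enum": "recon",
    "exploit_attempt": "initial_access",
    "malware_download": "initial_access",
    "smb_lateral": "lateral_movement",
    "credential_reuse": "lateral_movement",
    "large_outbound_transfer": "exfiltration",
    "dns_tunnel": "exfiltration",
}

# Constructed training data: stage sequences from labelled incidents.
TRAINING_SEQUENCES = [
    ["recon", "recon", "initial_access", "lateral_movement", "exfiltration"],
    ["recon", "initial_access", "initial_access", "lateral_movement",
     "lateral_movement", "exfiltration"],
    ["initial_access", "lateral_movement", "exfiltration"],
    ["recon", "initial_access", "lateral_movement", "lateral_movement",
     "exfiltration"],
]


def estimate_transition_matrix(sequences, stages=STAGES, alpha=1.0):
    """Transition probabilities with additive (Laplace) smoothing.

    Smoothing keeps never-observed transitions non-zero, so one unexpected
    alert cannot zero out a hypothesis. A stage with no observed outgoing
    transitions (the final stage in the data) is treated as absorbing.
    """
    counts = {s: Counter() for s in stages}
    for seq in sequences:
        for cur, nxt in zip(seq, seq[1:]):
            counts[cur][nxt] += 1
    matrix = {}
    for s in stages:
        observed = sum(counts[s].values())
        if observed == 0:
            matrix[s] = {t: (1.0 if t == s else 0.0) for t in stages}
            continue
        total = observed + alpha * len(stages)
        matrix[s] = {t: (counts[s][t] + alpha) / total for t in stages}
    return matrix


def stage_from_alerts(alerts, mapping=ALERT_TO_STAGE):
    """Current stage by majority vote over a window of IDS alert classes.

    Alert classes with no stage mapping are ignored; returns None when no
    alert in the window maps to a stage.
    """
    votes = Counter(mapping[a] for a in alerts if a in mapping)
    if not votes:
        return None
    return votes.most_common(1)[0][0]


def predict_next_stage(current, matrix):
    """Most likely next stage and its probability under the model."""
    row = matrix[current]
    nxt = max(row, key=row.get)
    return nxt, row[nxt]


def analyse_window(alerts, matrix):
    """Current stage plus predicted next stage for one alert window."""
    current = stage_from_alerts(alerts)
    if current is None:
        return None
    nxt, p = predict_next_stage(current, matrix)
    return {"current": current, "next": nxt, "p_next": p}


if __name__ == "__main__":
    model = estimate_transition_matrix(TRAINING_SEQUENCES)
    window = ["smb_lateral", "credential_reuse", "port_scan"]
    print(analyse_window(window, model))
```

The majority vote over a window, rather than a single alert, is what keeps one stray reconnaissance alert during lateral movement from flipping the stage estimate; the smoothing parameter `alpha` trades responsiveness to rare transitions against robustness to noisy IDS labels.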
Contributors: Correia, Miguel Nuno Dias Alves Pupo; Dias, Luís Filipe Xavier Mendonça
Repository: Repositório Comum
Keywords (given in English and Portuguese): Advanced Persistent Threat (APT); Markov model; stage of the attack; identify the potential agent; cyber defense
Date Issued: 2023-12-05
Date Deposited: 2025-02-20
Version: Published version
Access Rights: Open access
File Format: application/pdf