Abstract:
Network infiltrations due to advanced persistent threats (APTs) have grown significantly in recent years. Their primary objective is to gain unauthorized access to network assets and compromise systems and data. APTs are stealthy and remain dormant for extended periods of time, which makes their detection challenging. In this article, we leverage machine learning (ML) to detect hosts in a network that are the target of an APT attack. We evaluate a number of ML classifiers for detecting susceptible hosts in the Los Alamos National Laboratory (LANL) dataset. We (i) scrutinize graph-based features extracted from host authentication logs, (ii) use feature engineering to reduce dimensionality, (iii) explore balancing the training dataset using over- and under-sampling techniques, (iv) evaluate numerous supervised ML techniques and their ensemble, (v) compare our classification model to state-of-the-art approaches that leverage the same dataset, and show that our model outperforms them with respect to both prediction performance and overhead, and (vi) perturb the attack patterns to study how changes in attack frequency and scale affect classification performance, and propose a solution for such adversarial behavior.
Published in: IEEE Transactions on Network and Service Management ( Volume: 18, Issue: 1, March 2021)
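The abstract lists graph-based features extracted from host authentication logs and dataset balancing as two of its building blocks. The following is an added illustration, not code from the paper or its authors: it parses a handful of constructed records in the layout of the public LANL auth.txt and redteam.txt files (time, source user, destination user, source host, destination host, authentication type, logon type, orientation, result; and time, user, source host, destination host for red-team events), builds the directed host-to-host authentication graph, derives a small per-host feature set (the feature choice is an assumption for this example, not the paper's), labels a host positive when it is the destination of a red-team logon (also an assumption), and applies random under-sampling of the majority class.

```python
"""Per-host graph features from LANL-style authentication logs.

Added example: the log lines, red-team events, labelling rule and feature
set below are constructed for illustration and are not from the paper.
"""
from collections import defaultdict
import random

# Constructed sample in the LANL auth.txt layout:
# time,src_user@dom,dst_user@dom,src_host,dst_host,auth_type,logon_type,orientation,result
AUTH_LOG = """\
1,U1@DOM1,U1@DOM1,C1,C1,Kerberos,Network,LogOn,Success
2,U1@DOM1,U1@DOM1,C1,C2,Kerberos,Network,LogOn,Success
3,U2@DOM1,U2@DOM1,C2,C3,Kerberos,Network,LogOn,Success
4,U3@DOM1,U3@DOM1,C3,C3,Negotiate,Batch,LogOn,Success
5,U9@DOM1,U9@DOM1,C4,C1,NTLM,Network,LogOn,Fail
6,U9@DOM1,U9@DOM1,C4,C2,NTLM,Network,LogOn,Fail
7,U9@DOM1,U9@DOM1,C4,C3,NTLM,Network,LogOn,Success
8,U9@DOM1,U9@DOM1,C4,C5,NTLM,Network,LogOn,Success
9,U2@DOM1,U2@DOM1,C5,C5,Kerberos,Service,LogOn,Success
"""

# Constructed sample in the LANL redteam.txt layout: time,user@dom,src_host,dst_host
REDTEAM = """\
7,U9@DOM1,C4,C3
8,U9@DOM1,C4,C5
"""


def parse_auth(text):
    """Parse auth records into dicts; reject malformed lines rather than guess."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split(",")
        if len(f) != 9:
            raise ValueError("expected 9 comma-separated fields: %r" % line)
        rows.append({"t": int(f[0]), "src_user": f[1], "dst_user": f[2],
                     "src": f[3], "dst": f[4], "auth": f[5], "logon": f[6],
                     "orient": f[7], "ok": f[8] == "Success"})
    return rows


def host_features(rows):
    """Build the directed host graph (edge src -> dst per event) and summarize each host."""
    hosts = {r["src"] for r in rows} | {r["dst"] for r in rows}
    out_nb = {h: set() for h in hosts}   # distinct hosts this host authenticated to
    in_nb = {h: set() for h in hosts}    # distinct hosts that authenticated to this host
    users = {h: set() for h in hosts}    # distinct source users seen on this host
    attempts = dict.fromkeys(hosts, 0)
    fails = dict.fromkeys(hosts, 0)
    ntlm = dict.fromkeys(hosts, 0)
    for r in rows:
        s, d = r["src"], r["dst"]
        if s != d:  # self-authentications count as activity but add no graph edge
            out_nb[s].add(d)
            in_nb[d].add(s)
        users[s].add(r["src_user"])
        attempts[s] += 1
        fails[s] += int(not r["ok"])
        ntlm[s] += int(r["auth"] == "NTLM")
    feats = {}
    for h in hosts:
        n = attempts[h]
        feats[h] = {"out_deg": len(out_nb[h]), "in_deg": len(in_nb[h]),
                    "n_users": len(users[h]),
                    "fail_ratio": fails[h] / n if n else 0.0,
                    "ntlm_ratio": ntlm[h] / n if n else 0.0}
    return feats


def label_hosts(feats, redteam_text):
    """Assumption for this example: a 'target' host is the destination of a red-team logon."""
    targets = set()
    for line in redteam_text.splitlines():
        if line.strip():
            _t, _user, _src, dst = line.split(",")
            targets.add(dst)
    return {h: int(h in targets) for h in feats}


def undersample(feats, labels, seed=0):
    """Random under-sampling: shrink the majority class to the minority's size."""
    rng = random.Random(seed)
    pos = sorted(h for h in feats if labels[h] == 1)
    neg = sorted(h for h in feats if labels[h] == 0)
    major, minor = (neg, pos) if len(neg) >= len(pos) else (pos, neg)
    kept = rng.sample(major, len(minor)) + minor
    return [(h, feats[h], labels[h]) for h in sorted(kept)]


if __name__ == "__main__":
    feats = host_features(parse_auth(AUTH_LOG))
    labels = label_hosts(feats, REDTEAM)
    for h, f, y in undersample(feats, labels):
        print(h, y, f)
```

In the constructed sample the host C4 fans out to four distinct destinations with a 50% failure rate over NTLM, the kind of lateral-movement signature a graph feature captures that a per-event view would not; note that in a real deployment the heavy class imbalance means under-sampling discards most benign hosts, which is why the paper also evaluates over-sampling.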
Department of Computer Science, University of Waterloo, Waterloo, Canada
Haibo Bian received the B.S.E. degree from Zhejiang University in 2016, and the M.Math. degree in computer science from the University of Waterloo in 2019. His current research interests include the network functions virtualization, cybersecurity, and machine learning.

Department of Computer Science, University of Waterloo, Waterloo, Canada
Tim Bai received the B.C.S. degree and the M.Math. degree in computer science from the University of Waterloo in 2017 and 2019, respectively. His current research interests include the network softwarization, cybersecurity, and machine learning.

David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, Canada
Mohammad A. Salahuddin (Member, IEEE) received the Ph.D. degree in computer science from Western Michigan University in 2014. He is a Research Assistant Professor with the David R. Cheriton School of Computer Science, University of Waterloo. His current research interests include the Internet of Things, content delivery networks, network softwarization, cloud computing, and cognitive network management. He serves as a TPC member for international conferences and a reviewer for various journals and magazines.

D.C. School of Computer Science, University of Waterloo, Waterloo, Canada
Noura Limam received the M.Sc. and Ph.D. degrees in computer science from the University Pierre and Marie Curie (Sorbonne University) in 2002 and 2007, respectively. She is currently a Research Assistant Professor of Computer Science with the University of Waterloo. Her contributions are in the area of network and service management. Her current research interests are in network softwarization and cognitive network management.

D.C. School of Computer Science, University of Waterloo, Waterloo, Canada
Abbas Abou Daya received the B.Eng. degree in electrical and computer engineering from the American University of Beirut, and the M.Math. degree in computer science from the University of Waterloo in 2019. His current research interests involve machine learning, cybersecurity, and networks and systems.

Department of Computer Science, University of Waterloo, Waterloo, Canada
Raouf Boutaba (Fellow, IEEE) received the M.Sc. and Ph.D. degrees in computer science from Sorbonne University in 1990 and 1994, respectively. He is currently a University Chair Professor and the Director of the David R. Cheriton School of Computer Science, University of Waterloo, Canada. He also holds an INRIA International Chair in France. He was the Founding Editor-in-Chief of the IEEE Transactions on Network and Service Management from 2007 to 2010. He is currently the Editor-in-Chief of the IEEE Journal on Selected Areas in Communications. He is a fellow of the Engineering Institute of Canada, the Canadian Academy of Engineering, and the Royal Society of Canada.
