CRAILG, Feb 11, 2025

A Study on the Importance of Features in Detecting Advanced Persistent Threats Using Machine Learning

arXiv:2502.07207v1
h-index: 30
Originality: Incremental advance
AI Analysis

This research addresses a significant security risk for organizations and industries by improving the detection of Advanced Persistent Threats; the contribution is an incremental advance rather than a new detection paradigm.

This study tackles the problem of detecting Advanced Persistent Threats (APTs) with machine learning and finds that some network-traffic features matter considerably more than others for identifying APT samples, although this summary gives no specific numbers. The result can guide feature engineering for APT detection in real-world deployments.

Advanced Persistent Threats (APTs) pose a significant security risk to organizations and industries. These attacks often lead to severe data breaches and compromise the system for a long time. Mitigating these sophisticated attacks is highly challenging due to the stealthy and persistent nature of APTs. Machine learning models are often employed to tackle this challenge by bringing automation and scalability to APT detection. Nevertheless, these intelligent methods are data-driven, and thus, highly affected by the quality and relevance of input data. This paper aims to analyze measurements considered when recording network traffic and conclude which features contribute more to detecting APT samples. To do this, we study the features associated with various APT cases and determine their importance using a machine learning framework. To ensure the generalization of our findings, several feature selection techniques are employed and paired with different classifiers to evaluate their effectiveness. Our findings provide insights into how APT detection can be enhanced in real-world scenarios.
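The abstract describes the study's design in one sentence: score candidate features with several selection techniques, then pair the resulting feature subsets with different classifiers to check that the ranking holds up. The following Python script is an added illustration of that design, not code from the paper or its authors. It builds a constructed, synthetic set of flow records (every third flow is a hypothetical long-lived, low-jitter beaconing session; the feature names and distributions are assumptions, not the paper's data set), ranks the features with a filter method (mutual information over quantile-binned values) and a wrapper-style method (in-sample accuracy of the best single-threshold stump), and then evaluates the top-3 and bottom-3 subsets from each ranking with two classifiers (nearest centroid and k-NN) on a held-out split. Everything is standard-library Python so it runs offline.

```python
import math
import random
from statistics import mean, pstdev

# Hypothetical flow features (assumption; not the paper's feature list).
FEATURES = ["flow_duration", "pkt_count", "beacon_jitter",
            "bytes_out", "avg_pkt_size", "ttl"]


def make_flows(n=600, seed=7):
    """Constructed data: every third flow is an APT C2 session (label 1).
    flow_duration/pkt_count/beacon_jitter carry strong signal, bytes_out and
    avg_pkt_size weak signal, ttl none."""
    rng = random.Random(seed)
    X, y = [], []
    for i in range(n):
        apt = (i % 3 == 0)
        if apt:   # long, regular beaconing channel with many packets
            row = [rng.gauss(3600, 900), rng.gauss(400, 80), rng.gauss(0.05, 0.02),
                   rng.gauss(20000, 10000), rng.gauss(500, 150), rng.gauss(64, 2)]
        else:     # ordinary short session
            row = [rng.gauss(30, 20), rng.gauss(40, 15), rng.gauss(0.6, 0.2),
                   rng.gauss(8000, 5000), rng.gauss(750, 250), rng.gauss(64, 2)]
        X.append(row)
        y.append(int(apt))
    return X, y


def column(X, j):
    return [row[j] for row in X]


# Selector 1 (filter): mutual information between a quantile-binned feature and the label.
def mutual_information(col, y, bins=5):
    order = sorted(col)
    edges = [order[len(order) * k // bins] for k in range(1, bins)]
    n = len(y)
    joint, px, py = {}, {}, {}
    for v, lab in zip(col, y):
        b = sum(v >= e for e in edges)
        joint[(b, lab)] = joint.get((b, lab), 0) + 1
        px[b] = px.get(b, 0) + 1
        py[lab] = py.get(lab, 0) + 1
    return sum(c / n * math.log((c / n) / ((px[b] / n) * (py[l] / n)))
               for (b, l), c in joint.items())


# Selector 2 (wrapper-style): accuracy of the best single-threshold decision stump.
# Scored in-sample on the training split only; a real study would use a validation fold.
def stump_accuracy(col, y):
    best = 0.0
    for t in sorted(set(col)):
        for sign in (1, -1):   # +1: predict APT when v >= t; -1: predict APT when v <= t
            acc = mean(int((sign * (v - t) >= 0) == lab) for v, lab in zip(col, y))
            best = max(best, acc)
    return best


def standardize(X_tr, X_te, idx):
    """z-score the chosen columns using training statistics only."""
    stats = [(mean(column(X_tr, j)), pstdev(column(X_tr, j)) or 1.0) for j in idx]
    z = lambda row: [(row[j] - m) / s for j, (m, s) in zip(idx, stats)]
    return [z(r) for r in X_tr], [z(r) for r in X_te]


def sqdist(a, b):
    return sum((p - q) ** 2 for p, q in zip(a, b))


def nearest_centroid(Z_tr, y_tr, Z_te):
    cents = {lab: [mean(c) for c in zip(*[z for z, l in zip(Z_tr, y_tr) if l == lab])]
             for lab in (0, 1)}
    return [min((0, 1), key=lambda l: sqdist(z, cents[l])) for z in Z_te]


def knn(Z_tr, y_tr, Z_te, k=5):
    preds = []
    for z in Z_te:
        nearest = sorted(zip(Z_tr, y_tr), key=lambda t: sqdist(z, t[0]))[:k]
        preds.append(int(sum(l for _, l in nearest) * 2 > k))   # majority vote
    return preds


def evaluate_subset(features, X_tr, y_tr, X_te, y_te, clf):
    idx = [FEATURES.index(f) for f in features]
    Z_tr, Z_te = standardize(X_tr, X_te, idx)
    preds = clf(Z_tr, y_tr, Z_te)
    return mean(int(p == l) for p, l in zip(preds, y_te))


def run_study():
    """Rank features with two selectors, then test top/bottom subsets with two classifiers."""
    X, y = make_flows()
    X_tr, y_tr, X_te, y_te = X[:400], y[:400], X[400:], y[400:]
    mi = {f: mutual_information(column(X_tr, j), y_tr) for j, f in enumerate(FEATURES)}
    st = {f: stump_accuracy(column(X_tr, j), y_tr) for j, f in enumerate(FEATURES)}
    results = {}
    for sel_name, scores in (("mutual_info", mi), ("stump", st)):
        ranked = sorted(FEATURES, key=scores.get, reverse=True)
        for clf_name, clf in (("centroid", nearest_centroid), ("knn", knn)):
            ev = lambda feats: evaluate_subset(feats, X_tr, y_tr, X_te, y_te, clf)
            results[(sel_name, clf_name)] = {"ranking": ranked, "top3": ev(ranked[:3]),
                                             "bottom3": ev(ranked[-3:]), "all": ev(FEATURES)}
    return results


if __name__ == "__main__":
    for (sel, clf), r in run_study().items():
        print(f"{sel:>12} + {clf:<8} ranking={r['ranking']} "
              f"top3={r['top3']:.3f} bottom3={r['bottom3']:.3f} all={r['all']:.3f}")
```

The check a practitioner wants from a study like this is agreement across selector and classifier pairs: if both selectors place the same features at the top and both classifiers reach full-feature accuracy with that subset while the bottom subset lags, the importance finding is not an artefact of one model. Note that a redundant strong feature scores high under a filter method but can score zero under an embedded method such as tree split importance, which is one reason to use more than one selector.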
