A Lightweight IDS for Early APT Detection Using a Novel Feature Selection Method
This work addresses the critical need for lightweight intrusion detection systems to mitigate APT consequences in cybersecurity, though it appears incremental as it builds on existing methods like XGBoost and SHAP.
The paper tackled the problem of early detection of Advanced Persistent Threats (APTs) in networks by proposing a feature selection method, achieving a reduction from 77 to 4 features while maintaining high metrics like 97% precision and 100% recall.
An Advanced Persistent Threat (APT) is a multistage, highly sophisticated, and covert form of cyber threat that gains unauthorized access to networks to either steal valuable data or disrupt the targeted network. These threats often remain undetected for extended periods, emphasizing the critical need for early detection in networks to mitigate potential APT consequences. In this work, we propose a feature selection method for developing a lightweight intrusion detection system capable of effectively identifying APTs at the initial compromise stage. Our approach leverages the XGBoost algorithm and Explainable Artificial Intelligence (XAI), specifically utilizing the SHAP (SHapley Additive exPlanations) method for identifying the most relevant features of the initial compromise stage. The results of our proposed method showed the ability to reduce the selected features of the SCVIC-APT-2021 dataset from 77 to just four while maintaining consistent evaluation metrics for the suggested system. The estimated metrics values are 97% precision, 100% recall, and a 98% F1 score. The proposed method not only aids in preventing successful APT consequences but also enhances understanding of APT behavior at early stages.