A Cyber Kill Chain Approach for Detecting Advanced Persistent Threats

Ahmed, Yussuf and Taufiq, Asyhari and Md Arafatur, Rahman (2021) A Cyber Kill Chain Approach for Detecting Advanced Persistent Threats. Computers, Materials and Continua, 67 (2). pp. 2497-2513. ISSN 1546-2218

A Cyber Kill Chain Approach for Detecting Advanced Persistent Threats.pdf - Published Version
Available under License Creative Commons Attribution.

Download (779kB)


The number of cybersecurity incidents is on the rise despite significant investment in security measures. The existing conventional security approaches have demonstrated limited success against some of the more complex cyber-attacks. This is primarily due to the sophistication of the attacks and the availability of powerful tools. Interconnected devices such as the Internet of Things (IoT) are also increasing attack exposures due to the increase in vulnerabilities. Over the last few years, we have seen a trend moving towards embracing edge technologies to harness the power of IoT devices and 5G networks. Edge technology brings processing power closer to the network and brings many advantages, including reduced latency, while it can also introduce vulnerabilities that could be exploited. Smart cities are also dependent on technologies where everything is interconnected. This interconnectivity makes them highly vulnerable to cyber-attacks, especially by the Advanced Persistent Threat (APT), as these vulnerabilities are amplified by the need to integrate new technologies with legacy systems. Cybercriminals behind APT attacks have recently been targeting the IoT ecosystems, prevalent in many of these cities. In this paper, we used a publicly available dataset on Advanced Persistent Threats (APT) and developed a data-driven approach for detecting APT stages using the Cyber Kill Chain. APTs are highly sophisticated and targeted forms of attacks that can evade intrusion detection systems, resulting in one of the greatest current challenges facing security professionals. In this experiment, we used multiple machine learning classifiers, such as Naïve Bayes, Bayes Net, KNN, Random Forest and Support Vector Machine (SVM). We used Weka performance metrics to show the numeric results. The best performance result of 91.1% was obtained with the Naïve Bayes classifier. We hope our proposed solution will help security professionals to deal with APTs in a timely and effective manner.

Item Type: Article
Identification Number: https://doi.org/10.32604/cmc.2021.014223
13 December 2020Accepted
5 February 2021Published
Uncontrolled Keywords: Advanced persistent threat; APT; Cyber Kill Chain; data breach; intrusion detection; cyber-attack; attack prediction; data-driven security and machine learning
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
Divisions: Faculty of Computing, Engineering and the Built Environment > College of Computing
Depositing User: Yussuf Ahmed
Date Deposited: 10 Feb 2022 10:05
Last Modified: 19 Jun 2024 12:20
URI: https://www.open-access.bcu.ac.uk/id/eprint/12795

Actions (login required)

View Item View Item


In this section...