Advanced Persistent Threat Detection using Anomaly Score Calibration and Multi-class Classification

dc.contributor.author: Soh, Ornella Lucresse
dc.contributor.supervisor: Traoré, Issa
dc.date.accessioned: 2023-04-27T22:50:22Z
dc.date.available: 2023-04-27T22:50:22Z
dc.date.copyright: 2023 [en_US]
dc.date.issued: 2023-04-27
dc.degree.department: Department of Electrical and Computer Engineering
dc.degree.level: Master of Applied Science M.A.Sc. [en_US]
dc.description.abstract: Organisations worldwide continue to face a diverse range of attacks. Traditionally, these have been attacks of opportunity that quickly act upon weaker targets whenever possible. However, in the past decade, advanced persistent threats (APTs) have emerged that consist of targeted and long-term campaigns perpetrated by skilled and determined hackers who have clearly defined objectives and relentlessly work towards achieving their aims. APT breaches can go undetected for long periods because of the hackers’ ability to adapt to and escape defensive methods. In this paper, we present a new approach to establishing whether a security event is part of an APT attack by predicting the corresponding kill chain stage. For monitored security activity and events, our approach derives a probabilistic anomaly score using a method based on principal component analysis (PCA) and score calibration, and classifies the event with a multi-class type of Bayesian Network (BN). We evaluate the proposed model using two different public APT datasets, which yielded very encouraging performance in accurately detecting APT event occurrences and stages. [en_US]
dc.description.scholarlevel: Graduate [en_US]
dc.identifier.uri: http://hdl.handle.net/1828/15036
dc.language: English [eng]
dc.language.iso: en [en_US]
dc.rights: Available to the World Wide Web [en_US]
dc.subject: Score [en_US]
dc.subject: Calibration [en_US]
dc.subject: Multi-class Classification [en_US]
dc.subject: Bayesian network [en_US]
dc.subject: PCA [en_US]
dc.subject: APTs [en_US]
dc.title: Advanced Persistent Threat Detection using Anomaly Score Calibration and Multi-class Classification [en_US]
dc.type: Thesis [en_US]

Files

Original bundle
Name: Soh_Ornella_MASc_2023.pdf
Size: 477.01 KB
Format: Adobe Portable Document Format
Description: APTs detection using Machine Learning algorithms.
License bundle
Name: license.txt
Size: 2 KB
Format: Item-specific license agreed upon to submission