A Lightweight IDS for Early APT Detection Using a Novel Feature Selection Method
- URL: http://arxiv.org/abs/2506.12108v1
- Date: Fri, 13 Jun 2025 09:07:56 GMT
- Title: A Lightweight IDS for Early APT Detection Using a Novel Feature Selection Method
- Authors: Bassam Noori Shaker, Bahaa Al-Musawi, Mohammed Falih Hassan
- Abstract summary: An Advanced Persistent Threat (APT) is a multistage, highly sophisticated, and covert form of cyber threat. We propose a feature selection method for developing a lightweight intrusion detection system.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: An Advanced Persistent Threat (APT) is a multistage, highly sophisticated, and covert form of cyber threat that gains unauthorized access to networks to either steal valuable data or disrupt the targeted network. These threats often remain undetected for extended periods, emphasizing the critical need for early detection in networks to mitigate potential APT consequences. In this work, we propose a feature selection method for developing a lightweight intrusion detection system capable of effectively identifying APTs at the initial compromise stage. Our approach leverages the XGBoost algorithm and Explainable Artificial Intelligence (XAI), specifically utilizing the SHAP (SHapley Additive exPlanations) method for identifying the most relevant features of the initial compromise stage. The results of our proposed method showed the ability to reduce the selected features of the SCVIC-APT-2021 dataset from 77 to just four while maintaining consistent evaluation metrics for the suggested system. The estimated metrics values are 97% precision, 100% recall, and a 98% F1 score. The proposed method not only aids in preventing successful APT consequences but also enhances understanding of APT behavior at early stages.

Related papers
- Explainable AI for Enhancing IDS Against Advanced Persistent Kill Chain (arXiv, 2025-06-09T06:54:12Z)
  This work proposes a feature selection and classification model that integrates two prominent machine learning algorithms. The aim is to develop a lightweight IDS based on a selected minimum number of influential features for detecting APTs at various phases.
- Detecting APT Malware Command and Control over HTTP(S) Using Contextual Summaries (arXiv, 2025-02-07T22:38:39Z)
  We present EarlyCrow, an approach to detect APT malware command and control over HTTP(S) using contextual summaries. The design of EarlyCrow is informed by a novel threat model focused on TTPs present in traffic generated by tools recently used in APT campaigns. EarlyCrow defines a novel multipurpose network flow format called PairFlow, which is leveraged to build the contextual summary of a PCAP capture.
- RAPID: Robust APT Detection and Investigation Using Context-Aware Deep Learning (arXiv, 2024-06-08T05:39:24Z)
  We introduce a novel deep learning-based method for robust APT detection and investigation. By utilizing self-supervised sequence learning and iteratively learned embeddings, our approach effectively adapts to dynamic system behavior. Our evaluation demonstrates RAPID's effectiveness and computational efficiency in real-world scenarios.
- FaultGuard: A Generative Approach to Resilient Fault Prediction in Smart Electrical Grids (arXiv, 2024-03-26T08:51:23Z)
  FaultGuard is the first framework for fault type and zone classification resilient to adversarial attacks. We propose a low-complexity fault prediction model and an online adversarial training technique to enhance robustness. Our model outclasses the state-of-the-art for resilient fault prediction benchmarking, with an accuracy of up to 0.958.
- ADVENT: Attack/Anomaly Detection in VANETs (arXiv, 2024-01-16T18:49:08Z)
  This study introduces a system for real-time detection of malicious behavior. By seamlessly integrating statistical and machine learning techniques, the proposed system prioritizes simplicity and efficiency. It excels in swiftly detecting attack onsets with a remarkable F1-score of 99.66%, subsequently identifying malicious vehicles with an average F1-score of approximately 97.85%.
- Token-Level Adversarial Prompt Detection Based on Perplexity Measures and Contextual Information (arXiv, 2023-11-20T03:17:21Z)
  Large Language Models are susceptible to adversarial prompt attacks. This vulnerability underscores a significant concern regarding the robustness and reliability of LLMs. We introduce a novel approach to detecting adversarial prompts at a token level.
- NODLINK: An Online System for Fine-Grained APT Attack Detection and Investigation (arXiv, 2023-11-04T05:36:59Z)
  NodLink is the first online detection system that maintains high detection accuracy without sacrificing detection granularity. We propose a novel design of in-memory cache, an efficient attack screening method, and a new approximation algorithm that is more efficient than the conventional one in APT attack detection.
- Small Object Detection via Coarse-to-fine Proposal Generation and Imitation Learning (arXiv, 2023-08-18T13:13:09Z)
  We propose a two-stage framework tailored for small object detection based on the Coarse-to-fine pipeline and Feature Imitation learning. CFINet achieves state-of-the-art performance on the large-scale small object detection benchmarks, SODA-D and SODA-A.
- When Measures are Unreliable: Imperceptible Adversarial Perturbations toward Top-$k$ Multi-Label Learning (arXiv, 2023-07-27T13:18:47Z)
  A novel loss function is devised to generate adversarial perturbations that could achieve both visual and measure imperceptibility. Experiments on large-scale benchmark datasets demonstrate the superiority of our proposed method in attacking the top-$k$ multi-label systems.
- Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection (arXiv, 2020-08-05T19:29:35Z)
  In this paper, an effective anomaly detection framework is proposed utilizing the Bayesian Optimization technique. The performance of the considered algorithms is evaluated using the ISCX 2012 dataset. Experimental results show the effectiveness of the proposed framework in terms of accuracy rate, precision, low false-alarm rate, and recall.
- Transferable, Controllable, and Inconspicuous Adversarial Attacks on Person Re-identification With Deep Mis-Ranking (arXiv, 2020-04-08T18:48:29Z)
  We propose a learning-to-mis-rank formulation to perturb the ranking of the system output. We also perform a black-box attack by developing a novel multi-stage network architecture. Our method can control the number of malicious pixels by using differentiable multi-shot sampling.
This list is automatically generated from the titles and abstracts of the papers in this site.