Exploring the vulnerability in the inference phase of advanced persistent threats
In recent years, the Internet of Things has been widely used in modern life. Advanced persistent threats are long-term network attacks on specific targets with attackers using advanced attack methods. The Internet of Things targets have also been threatened by advanced persistent threats with the wi...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2022-03-01
|
| Series: | International Journal of Distributed Sensor Networks |
| Online Access: | https://doi.org/10.1177/15501329221080417 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832553243846115328 |
|---|---|
| author | Qi Wu Qiang Li Dong Guo Xiangyu Meng |
| author_facet | Qi Wu Qiang Li Dong Guo Xiangyu Meng |
| author_sort | Qi Wu |
| collection | DOAJ |
| description | In recent years, the Internet of Things has been widely used in modern life. Advanced persistent threats are long-term network attacks on specific targets with attackers using advanced attack methods. The Internet of Things targets have also been threatened by advanced persistent threats with the widespread application of Internet of Things. The Internet of Things device such as sensors is weaker than host in security. In the field of advanced persistent threat detection, most works used machine learning methods whether host-based detection or network-based detection. However, models using machine learning methods lack robustness because it can be attacked easily by adversarial examples. In this article, we summarize the characteristics of advanced persistent threats traffic and propose the algorithm to make adversarial examples for the advanced persistent threat detection model. We first train advanced persistent threat detection models using different machine learning methods, among which the highest F1-score is 0.9791. Then, we use the algorithm proposed to grey-box attack one of models and the detection success rate of the model drop from 98.52% to 1.47%. We prove that advanced persistent threats adversarial examples are transitive and we successfully black-box attack other models according to this. The detection success rate of the attacked model with the best attacked effect dropped from 98.66% to 0.13%. |
| format | Article |
| id | doaj-art-1e4fbc486fc64ba59da9fb252e3fef0c |
| institution | Kabale University |
| issn | 1550-1477 |
| language | English |
| publishDate | 2022-03-01 |
| publisher | Wiley |
| record_format | Article |
| series | International Journal of Distributed Sensor Networks |
| spelling | doaj-art-1e4fbc486fc64ba59da9fb252e3fef0c2025-02-03T05:54:33ZengWileyInternational Journal of Distributed Sensor Networks1550-14772022-03-011810.1177/15501329221080417Exploring the vulnerability in the inference phase of advanced persistent threatsQi Wu0Qiang Li1Dong Guo2Xiangyu Meng3College of Software, Jilin University, Changchun, ChinaCollege of Computer Science and Technology, Jilin University, Changchun, ChinaDepartment of Computer Science and Technology, Jilin University, Changchun, ChinaCollege of Computer Science and Technology, Jilin University, Changchun, ChinaIn recent years, the Internet of Things has been widely used in modern life. Advanced persistent threats are long-term network attacks on specific targets with attackers using advanced attack methods. The Internet of Things targets have also been threatened by advanced persistent threats with the widespread application of Internet of Things. The Internet of Things device such as sensors is weaker than host in security. In the field of advanced persistent threat detection, most works used machine learning methods whether host-based detection or network-based detection. However, models using machine learning methods lack robustness because it can be attacked easily by adversarial examples. In this article, we summarize the characteristics of advanced persistent threats traffic and propose the algorithm to make adversarial examples for the advanced persistent threat detection model. We first train advanced persistent threat detection models using different machine learning methods, among which the highest F1-score is 0.9791. Then, we use the algorithm proposed to grey-box attack one of models and the detection success rate of the model drop from 98.52% to 1.47%. We prove that advanced persistent threats adversarial examples are transitive and we successfully black-box attack other models according to this. The detection success rate of the attacked model with the best attacked effect dropped from 98.66% to 0.13%.https://doi.org/10.1177/15501329221080417 |
| spellingShingle | Qi Wu Qiang Li Dong Guo Xiangyu Meng Exploring the vulnerability in the inference phase of advanced persistent threats International Journal of Distributed Sensor Networks |
| title | Exploring the vulnerability in the inference phase of advanced persistent threats |
| title_full | Exploring the vulnerability in the inference phase of advanced persistent threats |
| title_fullStr | Exploring the vulnerability in the inference phase of advanced persistent threats |
| title_full_unstemmed | Exploring the vulnerability in the inference phase of advanced persistent threats |
| title_short | Exploring the vulnerability in the inference phase of advanced persistent threats |
| title_sort | exploring the vulnerability in the inference phase of advanced persistent threats |
| url | https://doi.org/10.1177/15501329221080417 |
| work_keys_str_mv | AT qiwu exploringthevulnerabilityintheinferencephaseofadvancedpersistentthreats AT qiangli exploringthevulnerabilityintheinferencephaseofadvancedpersistentthreats AT dongguo exploringthevulnerabilityintheinferencephaseofadvancedpersistentthreats AT xiangyumeng exploringthevulnerabilityintheinferencephaseofadvancedpersistentthreats |