Advanced Persistent Threat Detection: A Particle Swarm Optimization Approach

Abdullah Al Mamun, Harith Al-Sahaf, I. Welch, S. Çamtepe
DOI: 10.1109/ITNAC55475.2022.9998358
Venue: 2022 32nd International Telecommunication Networks and Applications Conference (ITNAC)
Publication date: 2022-11-30
Source platform: Semanticscholar (https://doi.org/10.1109/ITNAC55475.2022.9998358)
Citation count: 0

Abstract

Advanced Persistent Threat Detection: A Particle Swarm Optimization Approach
Advanced Persistent Threat (APT) is one of the most sophisticated cyber threats aiming to gain access to a system and remain there for a long time utilizing continuous, covert, and sophisticated evasion techniques. As a result, detecting such an attack is still very challenging. A successful APT attack can cause significant financial and valuable information loss for a large company or a government organization. The importance of APT detection has attracted many researchers, and various machine learning methods have been proposed in the literature to improve APT detection performance. This paper utilizes Particle Swarm Optimization (PSO) to automatically evolve a classification model for APT attack detection and classification. The proposed method optimizes a set of weights, each corresponding to a feature in the dataset. These weights are then used to predict the class label, for instance, by calculating the weighted sum of the features based on the weights evolved by PSO. One of the main advantages of the proposed method is that it does not require human intervention. The experimental results on a publicly available dataset, i.e., DAPT-2020, show that the proposed method significantly outperformed the state-of-the-art method and other commonly used machine learning methods for APT detection and multi-class classification. Furthermore, a detailed investigation of the proposed method's inner mechanism is discussed to highlight various aspects, e.g., convergence and some of the detected patterns.