5 research outputs found

    The use of machine learning algorithms for detecting advanced persistent threats.

    Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. Due to their capability to navigate around defenses and to evade detection for a prolonged period of time, targeted APT attacks present an increasing concern for both cyber security and business continuity personnel. This paper explores the application of Artificial Immune System (AIS) and Recurrent Neural Network (RNN) variants for APT detection. It has been shown that the variants of the suggested algorithms provide not only detection capability, but can also classify malicious data traffic with respect to the type of APT attacks

    Handling minority class problem in threats detection based on heterogeneous ensemble learning approach.

    Multiclass problems, such as detecting the multi-step behaviour of Advanced Persistent Threats (APTs), have been a major global challenge, due to their capability to navigate around defenses and to evade detection for a prolonged period of time. Targeted APT attacks present an increasing concern for both cyber security and business continuity. Detecting the rare attack is a classification problem with data imbalance. This paper explores the applications of data resampling techniques, together with a heterogeneous ensemble approach, for dealing with data imbalance caused by unevenly distributed data elements among classes, with our focus on capturing the rare attack. It has been shown that the suggested algorithms provide not only detection capability, but can also classify malicious data traffic corresponding to rare APT attacks

    Advanced Persistent Threats in Cybersecurity – Cyber Warfare

    This book aims to provide a comprehensive analysis of Advanced Persistent Threats (APTs), including their characteristics, origins, methods, consequences, and defense strategies, with a focus on detecting these threats. It explores the concept of advanced persistent threats in the context of cyber security and cyber warfare. APTs represent one of the most insidious and challenging forms of cyber threats, characterized by their sophistication, persistence, and targeted nature. The paper examines the origins, characteristics and methods used by APT actors. It also explores the complexities associated with APT detection, analyzing the evolving tactics used by threat actors and the corresponding advances in detection methodologies. It highlights the importance of a multi-faceted approach that integrates technological innovations with proactive defense strategies to effectively identify and mitigate APT

    Advanced Persistent Threats in Cybersecurity – Cyber Warfare (Amenințările persistente avansate în securitatea cibernetică – Războiul cibernetic)

    A comprehensive analysis of Advanced Persistent Threats (APTs), including their characteristics, origins, methods, consequences, and defense strategies, with a focus on detecting these threats. It explores the concept of advanced persistent threats in the context of cyber security and cyber warfare. APTs represent one of the most insidious and challenging forms of cyber threats, characterized by their sophistication, persistence, and targeted nature. This book analyzes the origins, characteristics and methods used by APT actors. It also explores the complexities associated with APT detection, analyzing the evolving tactics used by threat actors and the corresponding advances in detection methodologies. The book highlights the importance of a multi-faceted approach that integrates technological innovations with proactive defense strategies to effectively identify and mitigate APT

    Advanced Persistent Threats in Cybersecurity – Cyber Warfare (Les menaces persistantes avancées en cybersécurité – La guerre cybernétique)

    This book aims to provide a comprehensive analysis of advanced persistent threats, including their characteristics, origins, methods, consequences and defense strategies, with an emphasis on detecting these threats. It explores the concept of advanced persistent threats in the context of cybersecurity and cyber warfare. Advanced persistent threats represent one of the most insidious and complex forms of cyber threat, characterized by their sophistication, persistence and targeted nature. The book examines the origins, characteristics and methods used by advanced persistent threat actors. It also explores the complexities associated with detecting advanced persistent threats, analyzing the evolution of the tactics used by threat actors and the corresponding advances in detection methodologies. It highlights the importance of a multidimensional approach that integrates technological innovations with proactive defense strategies to effectively identify and mitigate advanced persistent threats