Detection of advanced persistent threat: A genetic programming approach

Abstract

Advanced Persistent Threats (APTs) are an intimidating class of cyberattacks known for their persistence, sophistication, and targeted nature. These attacks, coordinated by highly motivated adversaries, pose a grave risk to organizations and individuals, often operating stealthily and evading detection. While existing research primarily focuses on applying Machine Learning (ML) methods to analyze network traffic data for APT detection, this article introduces a novel approach that utilizes Genetic Programming (GP). The proposed method not only detects APT attacks but also identifies their specific life cycle stages through the evolutionary capabilities of GP. Its effectiveness lies in its ability to excel in detecting intricate patterns, even within classes with a limited number of instances, a feat that is often challenging for traditional ML techniques. The method involves evolving and optimizing its models to effectively learn and adapt to complex APT behaviors. Experimentation with a publicly available dataset showcases the efficacy of the proposed method across diverse APT stages. The results demonstrate that the proposed method, GPC, achieves a 3.71% improvement in balanced accuracy compared to the best-performing model from related works. Moreover, a thorough analysis of the best-evolved GP model uncovers valuable insights about identified features and significant patterns. This research advances the APT detection paradigm by leveraging GP’s capabilities, providing a fresh and effective perspective on countering these persistent threats.