NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Identifying Tactics of Advanced Persistent Threats with Limited Attack Traces

Published

Author(s)

Khandakar Ashrafi Akbar, Yigong Wang, Md Islam, Anoop Singhal, Latifur Khan, Bhavani Thuraisingham1

Abstract

The cyberworld being threatened by continuous imposters needs the development of intelligent methods for identifying threats while keeping in mind all the constraints that can be encountered. Advanced persistent threats (APT) have become an emerging issue nationwide, in international, and commercial aspects, that secretly steals information and keeps track of system processes over a long period of time. Depending on the objective, adversaries use different tactics throughout the APT campaign to compromise the systems. Therefore, this kind of attack needs immediate attention as such attack tactics are hard to detect for being interleaved with benign activities. Moreover, existing solutions to detect APT attacks are computationally expensive since keeping track of every system behavior is both costly and challenging. In addition, because of the data imbalance issue that appears due to few malicious events compared to the innumerable benign events in the system, the performance of the existing detection models is affected. In this work, we propose novel machine learning (ML) approaches to classify such attack tactics. We convert APT traces into a graph, generate nodes, and eventually graph embeddings, and classify using ML. For ML, we use proposed advanced approaches to address class imbalance issues and compare our approaches with other baseline models and show the effectiveness of our approaches.
Proceedings Title
International Conference on Information System Security ICISS 2021
Volume
13146
Conference Dates
December 16-20, 2021
Conference Location
Patna, MD, US
Pub Type
Conferences

Download Paper

https://doi.org/10.1007/978-3-030-92571-0_1
Local Download

Keywords

Advanced Persistent Threat, Online Metric Learning, Data Imbalance
Information technology

Citation

Akbar, K. , Wang, Y. , Islam, M. , Singhal, A. , Khan, L. and Thuraisingham1, B. (2021), Identifying Tactics of Advanced Persistent Threats with Limited Attack Traces, International Conference on Information System Security ICISS 2021, Patna, MD, US, [online], https://doi.org/10.1007/978-3-030-92571-0_1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=933288 (Accessed October 29, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created December 16, 2021, Updated November 29, 2022
Was this page helpful?