Event Details

Advanced Persistent Threat Detection using Anomaly Score Calibration and Multi-class Classification

Presenter: Ornella Soh
Supervisor:

Date: Thu, April 6, 2023
Time: 10:00:00 - 00:00:00
Place: ZOOM - Please see below.

Join Zoom Meeting https://uvic.zoom.us/j/82538408898?pwd=b1RQUnR2Zm15Sk9Jc0V6WXpsNTdDQT09

ABSTRACT

Organizations worldwide continue to face a diverse range of attacks. Traditionally, these have been attacks of opportunity that quickly move to weaker targets whenever possible. However, in the past decade, advanced persistent threats (APTs) have emerged: targeted, long-term campaigns perpetrated by skilled and determined hackers who have clearly defined objectives and relentlessly work towards achieving their aims. APT breaches can go undetected for long periods because of the hackers' ability to adapt to and evade defensive methods. In this paper, we present a new approach to establishing whether a security event is part of an APT attack by predicting the corresponding kill chain stage. For monitored security activity and events, the approach derives a probabilistic anomaly score using principal component analysis (PCA) and score calibration, and classifies the event with a multi-class Bayesian Network (BN). The proposed model was evaluated using two different public APT datasets, which yielded very encouraging performance in accurately detecting APT event occurrences and stages.
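To make the first half of the pipeline concrete, the following is an added, illustrative example of the general technique the abstract names (PCA-based anomaly scoring followed by score calibration). It is not the presenter's model or code: the feature set (`bytes_out_kb`, `connections`, `distinct_ports`, `failed_logins`), the baseline data, the choice of reconstruction error as the raw score, and the empirical-CDF calibration are all assumptions made here. The Bayesian Network stage classifier is not modelled. The example is pure Python so it runs offline with no dependencies.

```python
"""Illustrative PCA anomaly scoring with probability calibration.

Added example, not the presenter's method. An event is standardized against a
benign baseline, projected onto the top principal components learned from that
baseline, and the squared reconstruction error is the raw anomaly score. The
raw score is calibrated to a probability with the baseline's empirical CDF, so
0.99 means "larger than 99% of benign events". All data below is constructed.
"""
import math
import random
from typing import Callable, List, Sequence

Vector = List[float]

# Hypothetical per-event features; chosen for the example only.
FEATURES = ("bytes_out_kb", "connections", "distinct_ports", "failed_logins")


def column_stats(rows: Sequence[Vector]):
    """Per-feature mean and (population) standard deviation of the baseline."""
    n, d = len(rows), len(rows[0])
    means = [sum(r[j] for r in rows) / n for j in range(d)]
    stds = []
    for j in range(d):
        var = sum((r[j] - means[j]) ** 2 for r in rows) / n
        stds.append(math.sqrt(var) or 1.0)  # guard against a constant feature
    return means, stds


def standardize(x: Vector, means: Vector, stds: Vector) -> Vector:
    return [(x[j] - means[j]) / stds[j] for j in range(len(x))]


def covariance(z_rows: Sequence[Vector]) -> List[Vector]:
    n, d = len(z_rows), len(z_rows[0])
    return [[sum(r[i] * r[j] for r in z_rows) / n for j in range(d)] for i in range(d)]


def top_components(cov: List[Vector], k: int, iters: int = 500) -> List[Vector]:
    """Leading k eigenvectors of cov via power iteration with deflation."""
    d = len(cov)
    cov = [row[:] for row in cov]
    comps = []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iters):
            w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(c * c for c in w)) or 1.0
            v = [c / norm for c in w]
        lam = sum(v[i] * sum(cov[i][j] * v[j] for j in range(d)) for i in range(d))
        comps.append(v)
        for i in range(d):  # deflate: remove the variance already explained
            for j in range(d):
                cov[i][j] -= lam * v[i] * v[j]
    return comps


def reconstruction_error(z: Vector, comps: Sequence[Vector]) -> float:
    """Squared norm of the part of z the components do not explain."""
    resid = z[:]
    for c in comps:
        proj = sum(zi * ci for zi, ci in zip(z, c))
        resid = [r - proj * ci for r, ci in zip(resid, c)]
    return sum(r * r for r in resid)


def calibrate(baseline_scores: Sequence[float]) -> Callable[[float], float]:
    """Empirical CDF: fraction of benign baseline scores at or below s."""
    scores = sorted(baseline_scores)
    return lambda s: sum(1 for b in scores if b <= s) / len(scores)


class PcaAnomalyScorer:
    def __init__(self, baseline: Sequence[Vector], k: int = 1):
        self.means, self.stds = column_stats(baseline)
        z_rows = [standardize(r, self.means, self.stds) for r in baseline]
        self.comps = top_components(covariance(z_rows), k)
        self.prob = calibrate([reconstruction_error(z, self.comps) for z in z_rows])

    def score(self, event: Vector) -> float:
        return reconstruction_error(standardize(event, self.means, self.stds), self.comps)

    def probability(self, event: Vector) -> float:
        return self.prob(self.score(event))


def constructed_baseline(n: int = 200, seed: int = 7) -> List[Vector]:
    """Constructed benign events: one latent activity level drives three features."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        t = rng.random()
        rows.append([1000 + 5000 * t + rng.gauss(0, 150),
                     10 + 40 * t + rng.gauss(0, 2),
                     2 + 6 * t + rng.gauss(0, 0.5),
                     float(rng.choice([0, 0, 0, 1, 1, 2]))])
    return rows


if __name__ == "__main__":
    scorer = PcaAnomalyScorer(constructed_baseline(), k=1)
    typical = [3500.0, 30.0, 5.0, 1.0]          # constructed: fits the baseline
    suspicious = [30000.0, 10.0, 4.0, 40.0]     # constructed: breaks the correlation
    for name, ev in (("typical", typical), ("suspicious", suspicious)):
        print(f"{name}: raw={scorer.score(ev):.2f} p={scorer.probability(ev):.3f}")
```

The calibrated value is what a downstream stage classifier would consume: it is comparable across feature sets and baselines in a way the raw reconstruction error is not, and it can be thresholded directly as an alert budget (for example, review everything above 0.99 and expect roughly 1% of benign traffic to land there).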