
Detecting Advanced Persistent Threat Exfiltration with Ensemble Deep Learning Tree Models and Novel Detection Metrics

Lookup NU author(s): Dr Mujeeb Ahmed

Licence

This work is licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0).


Abstract

Advanced Persistent Threats (APTs) involve attackers maintaining a long-term presence on victim systems, leading to the stealthy exfiltration of sensitive data during network transfers. Despite existing methods to detect and halt APT data exfiltration, these attacks continue to pose significant threats to sensitive information and result in substantial commercial losses. Current approaches primarily focus on preemptive measures, which are insufficient once early-stage detection fails due to a lack of continuous monitoring. We propose an effective and efficient network monitoring method to address this gap and detect APT exfiltration during data transfer. Our approach assumes the presence of an undetected APT attacker within the victim system. We examine data exfiltration across three exfiltration traffic environments: exfiltration over command-and-control (C2) channels, exfiltration under transfer size limitations, and their combination. We introduce two detection metrics: Package Transfer Rate and Byte Transfer Rate. Using these metrics, we measure network traffic, categorize APT attack environments, and train deep neural network models, named EDXGB, using ensembled decision trees to predict APT exfiltration. Our method is validated on two public datasets and compared against six baseline methods. Additionally, we simulate real-world exfiltration scenarios by creating the three exfiltration traffic environments for each dataset. The results demonstrate that our method effectively detects APT exfiltration across various network environments, enhancing data protection and secure transfer.
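The abstract names two per-window rate metrics but does not define them. The following added example (not code from the paper or its authors) shows how a monitor could derive windowed packet and byte transfer rates from flow records and flag windows that deviate from a benign baseline. It assumes the metrics are packets per second and bytes per second per source host per fixed window, uses constructed records rather than captured traffic, and replaces the paper's EDXGB tree ensemble with a simple mean-plus-k-standard-deviations baseline so the example stays self-contained. The two injected windows reproduce the abstract's two traffic environments: a bulk push over a C2-style channel (few large packets, high byte rate) and a size-limited transfer (many small packets, high packet rate), which the two metrics separate.

```python
"""Windowed packet/byte transfer-rate features for exfiltration monitoring.

Added illustration, not the paper's implementation. Feature definitions
(packets/s and bytes/s per source host per window) and the baseline detector
are assumptions made for this example.
"""
from collections import defaultdict
from statistics import mean, pstdev

WINDOW_SECONDS = 10.0   # assumed window length
TRAIN_WINDOWS = 6       # assumed count of leading windows treated as benign baseline


def constructed_records():
    """Synthetic (timestamp_s, src_host, payload_bytes) tuples; not captured traffic."""
    recs = []
    # Benign chatter: 5 packets of 500 bytes in every 10 s window for 60 s.
    for w in range(6):
        for i in range(5):
            recs.append((w * 10.0 + i * 2.0, "ws1", 500))
    # Window 6: bulk push over a C2-style channel (few packets, large payloads).
    for i in range(5):
        recs.append((60.0 + i, "ws1", 100_000))
    # Window 7: size-limited transfer (many packets, each a small payload).
    for i in range(20):
        recs.append((70.0 + i * 0.5, "ws1", 120))
    return recs


def rate_features(records, window=WINDOW_SECONDS):
    """Map (host, window_index) -> (packet transfer rate pkts/s, byte transfer rate bytes/s)."""
    pkts = defaultdict(int)
    byts = defaultdict(int)
    for ts, host, nbytes in records:
        key = (host, int(ts // window))
        pkts[key] += 1
        byts[key] += nbytes
    return {k: (pkts[k] / window, byts[k] / window) for k in pkts}


def per_host_series(features):
    """Group features into a time-ordered list of (window, ptr, btr) per host."""
    series = defaultdict(list)
    for (host, w), (ptr, btr) in sorted(features.items()):
        series[host].append((w, ptr, btr))
    return series


def baseline(series, n_train=TRAIN_WINDOWS):
    """Mean and population std of each rate over the first n_train windows per host."""
    base = {}
    for host, rows in series.items():
        train = rows[:n_train]
        ptrs = [r[1] for r in train]
        btrs = [r[2] for r in train]
        base[host] = (mean(ptrs), pstdev(ptrs), mean(btrs), pstdev(btrs))
    return base


def detect(series, base, k=3.0):
    """Flag windows where either rate exceeds mean + k*std for that host.

    A floor of 10% of the mean is applied to the std so a perfectly regular
    baseline (std == 0) cannot make every tiny fluctuation an alert.
    """
    alerts = []
    for host, rows in series.items():
        mp, sp, mb, sb = base[host]
        sp = max(sp, 0.1 * mp)
        sb = max(sb, 0.1 * mb)
        for w, ptr, btr in rows:
            reasons = []
            if ptr > mp + k * sp:
                reasons.append("ptr")
            if btr > mb + k * sb:
                reasons.append("btr")
            if reasons:
                alerts.append((host, w, tuple(reasons)))
    return alerts


def run():
    """End-to-end: features -> baseline -> alerts on the constructed records."""
    series = per_host_series(rate_features(constructed_records()))
    return detect(series, baseline(series))


if __name__ == "__main__":
    for host, w, why in run():
        print(f"host={host} window={w} triggered={','.join(why)}")
```

On the constructed input the benign windows yield 0.5 pkts/s and 250 bytes/s; window 6 trips only the byte-rate threshold and window 7 only the packet-rate threshold, which is the distinction the two metrics are meant to capture. A real deployment would learn the baseline per host and per destination over far more windows and feed the same features to a tree ensemble rather than a fixed threshold.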


Publication metadata

Author(s): Cai X, Zhang H, Ahmed CM, Koide H

Publication type: Article

Publication status: Published

Journal: IEEE Access

Year: 2025

Volume: 13

Pages: 81803-81822

Online publication date: 07/05/2025

Acceptance date: 03/05/2025

Date deposited: 20/05/2025

ISSN (electronic): 2169-3536

Publisher: IEEE

URL: https://doi.org/10.1109/ACCESS.2025.3567772

DOI: 10.1109/ACCESS.2025.3567772




Funding

Funder reference | Funder name
Grant 21K11888 | Japan Society for the Promotion of Science (JSPS) KAKENHI
 | Hitachi Systems, Ltd
