Development of Detection and Mitigation of Advanced Persistent Threats Using Artificial Intelligence and Multi-Layer Security on Cloud Computing Infrastructure

(1) * Hartono Hartono (Universitas Muhammadiyah Kotabumi, Indonesia)
(2) Ryan Aji Wijaya (Universitas Muhammadiyah Kotabumi, Indonesia)
(3) Khusnul Khotimah (Universitas Muhammadiyah Kotabumi, Indonesia)
* corresponding author

Abstract


This research proposes a novel approach for detecting and mitigating Advanced Persistent Threats (APTs) in cloud computing infrastructure, offering more comprehensive protection than previous methods. By integrating detection and mitigation, this study addresses the shortcomings of prior research that focused solely on detection. In the conducted experiments, Artificial Intelligence (AI) detected Cross-Site Scripting (XSS) attacks with an accuracy of 0.9951, SQL Injection (SQLI) with 0.9964, and Remote Code Execution (RCE) with 0.9876. In trials against new attacks, the detection success rates reached 70% for XSS, 98% for SQLI, and 100% for RCE. During the deployment phase, the system identified 23,040 of 108,394 requests as XSS attacks, 2,684 of 128,750 as SQLI attacks, and 1,135 of 46,450 as RCE attacks. The detection and mitigation methods were tested directly on a cloud server experiencing APT attacks. Daily attacks on the server reached 1,980, comprising 663,000 requests, and the number of attacks directed at authentication or sensitive pages reached 17,913,701. Attack mitigation was tested through seven layers of security: DNS protection, Config Server Firewall (CSF), OWASP ModSecurity, HTTP middleware, a data filter or sanitizer, the template engine, and manual mitigation, which together blocked millions of persistent attacks. The DNS protection layer mitigated 59,000 of a total of 19 million requests. The CSF layer blocked 173 source IP addresses of DDoS attacks. The ModSecurity layer mitigated 17,916,204 attacks. All attacks were mitigated before reaching the HTTP middleware stage or any later layer. The use of the NIST 2.0 standard helps manage security risks through identification, protection, detection, response, and recovery. Test results indicate that this multi-layered system detects and mitigates attacks more efficiently and effectively than traditional methods. However, the complexity of implementation and maintenance poses challenges that must be addressed. This research significantly contributes to a more adaptive and sustainable cybersecurity strategy.

Keywords


Advanced Persistent Threat; Multi-Layer Security; Artificial Intelligence; Machine Learning; Cyber Security


DOI

https://doi.org/10.29099/ijair.v8i2.1250

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


The International Journal of Artificial Intelligence Research

Organized by: Departemen Teknik Informatika
Published by: STMIK Dharma Wacana
Jl. Kenanga No.03 Mulyojati 16C Metro Barat Kota Metro Lampung

Email: jurnal.ijair@gmail.com