a novel framework for apt attack detection based on network traffic

Apt (advanced persistent threat) attack is a dangerous, targeted attack form with clear targets. apt attack campaigns have huge consequences. therefore, the problem of researching and developing the apt attack detection solution is very urgent and necessary nowadays. on the other hand, no matter how advanced the apt attack, it has clear processes and lifecycles. taking advantage of this point, security experts recommend that could develop apt attack detection solutions for each of their life cycles and processes. in apt attacks, hackers often use phishing techniques to perform attacks and steal data. if this attack and phishing phase is detected, the entire apt attack campaign will crash. therefore, it is necessary to research and deploy technology and solutions that could detect early the apt attack when it is in the stages of attacking and stealing data. this paper proposes an apt attack detection framework based on the network traffic analysis technique using open-source tools and deep learning models. this research focuses on analyzing network traffic into different components, then finds ways to extract abnormal behaviors on those components, and finally uses deep learning algorithms to classify network traffic based on the extracted abnormal behaviors. the abnormal behavior analysis process is presented in detail in section 3.1 of the paper. the apt attack detection method based on network traffic is presented in section 3.2 of this paper. finally, the experimental process of the proposal is performed in section 4 of the paper.