Catalogue Search | MBRL
179 result(s) for "Do Xuan, Cho"
A novel approach for APT attack detection based on feature intelligent extraction and representation learning
2024
Advanced Persistent Threat (APT) attacks are causing a lot of damage to critical organizations and institutions. Therefore, early detection and warning of APT attack campaigns are very necessary today. In this paper, we propose a new approach for APT attack detection based on the combination of Feature Intelligent Extraction (FIE) and Representation Learning (RL) techniques. In particular, the proposed FIE technique is a combination of the Bidirectional Long Short-Term Memory (BiLSTM) deep learning network and the Attention network. The FIE combined model has the function of aggregating and extracting unusual behaviors of APT IPs in network traffic. The RL method proposed in this study aims to optimize the classification of APT IPs and normal IPs based on two main techniques: rebalancing data and contrastive learning. Specifically, the rebalancing data method supports the training process by rebalancing the experimental dataset, and the contrastive learning method learns the important features of APT IPs by finding and pulling similar features together as well as pushing contrasting data points away. The combination of FIE and RL (abbreviated as the FIERL model) is a novel proposal and innovation that has not been proposed or published in any other research. The experimental results in the paper have proved that the proposed method is correct and reasonable, showing superior efficiency compared to some other studies and approaches by over 5% on all measurements.
Journal Article
Detecting APT Attacks Based on Network Traffic Using Machine Learning
2021
Advanced Persistent Threat (APT) attacks are a form of malicious, intentional and clearly targeted attack that uses many sophisticated and complicated methods and technologies against its targets in order to obtain confidential and sensitive information. In fact, in order to detect APT attacks, detection systems often need to apply many parallel and serial techniques in order to make the most of the advantages as well as minimize the disadvantages of each technique. Therefore, in this paper, we propose a method of detecting APT attacks based on abnormal behaviors of network traffic using machine learning. Accordingly, in our research, the abnormal behavior of APT attacks in network traffic will be defined on two components: Domain and IP. Then, these behaviors are evaluated and classified using the Random Forest classification algorithm to draw conclusions about the behavior of APT attacks. Details of the definition of abnormal behaviors of the Domain and IP will be presented in section 3.2 of the paper. The synchronous APT attack detection method proposed in this paper is a novel approach, which will help information security systems quickly and accurately detect signs of an APT attack campaign in the organization. The experimental results presented in section 4 will demonstrate the effectiveness of our proposed method.
Journal Article
A new approach to software vulnerability detection based on CPG analysis
2023
Detecting source code vulnerabilities is an essential issue today. In this paper, to improve the efficiency of detecting vulnerabilities in software written in C/C++, we propose to use a combination of Deep Graph Convolutional Neural Network (DGCNN) and code property graph (CPG). Specifically, the proposed research method consists of three main phases. Phase 1: building feature profiles of source code. At this step, we suggest using analysis techniques such as Word2vec and one-hot encoding to standardize and analyze the source code. Phase 2: extracting features of source code based on feature profiles. At this phase, we propose to use a Deep Graph Convolutional Neural Network (DGCNN) model to analyze and extract features of the source code. Phase 3: classifying source code based on the features extracted in phase 2 to separate normal source code from source code containing security vulnerabilities. The scenarios we have run to compare and evaluate the proposed method against other approaches show the superior effectiveness of our approach. Besides, this result proves that our method is not only correct and reasonable, but also opens up a new approach to the task of detecting source code vulnerabilities.
Journal Article
A novel approach for APT attack detection based on combined deep learning model
by Do Xuan, Cho; Dao, Mai Hoang in Algorithms, Artificial Intelligence, Artificial neural networks
2021
An advanced persistent threat (APT) attack is a malicious attack type with intentional and clear targets. This attack technique has become a challenge for the information security systems of organizations, governments, and businesses. Approaches that use machine learning or deep learning algorithms to analyze signs and abnormal behaviors of network traffic for detecting and preventing APT attacks have become popular in recent years. However, the APT attack detection approach that uses behavior analysis and evaluation techniques is facing many difficulties due to the lack of typical data of attack campaigns. To handle this situation, recent studies have selected and extracted APT attack behaviors based on datasets built from experimental tools. Consequently, these properties are few and difficult to obtain in practical monitoring systems. Therefore, although the experimental results show good detection, they do not bring high efficiency in practice. For the above reasons, in this paper, a new method based on network traffic analysis using a combined deep learning model to detect APT attacks will be proposed. Specifically, individual deep learning networks such as multilayer perceptron (MLP), convolutional neural network (CNN), and long short-term memory (LSTM) will be sought, built and linked into combined deep learning networks to analyze and detect signs of APT attacks in network traffic. To detect APT attack signals, the combined deep learning models operate in two main stages: (i) extracting IP features based on flow: in this phase, we analyze network traffic into network flows by IP address and then use the combined deep learning models to extract IP features by network flow; (ii) classifying APT attack IPs: based on the IP features extracted in task (i), the APT attack IPs and normal IPs are identified and classified.
The proposal of a combined deep learning model to detect APT attacks based on network traffic is a new approach, and no research has yet proposed and applied it. In the experimental section, the combined deep learning models proved their superior ability to ensure accuracy on all measurements from 93 to 98%. This is a very good result for APT attack detection based on network traffic.
Journal Article
A novel approach for APT attack detection based on an advanced computing
2024
To enhance the effectiveness of the Advanced Persistent Threat (APT) detection process, this research proposes a new approach to build and analyze the behavior profiles of APT attacks in network traffic. To achieve this goal, this study carries out two main objectives: (i) building the behavior profile of APT IPs in network traffic using a new intelligent computation method; (ii) analyzing and evaluating the behavior profile of APT IPs based on a deep graph network. Specifically, to build the behavior profile of APT IPs, this article describes using a combination of two different data mining methods: Bidirectional Long Short-Term Memory (Bi) and Attention (A). Based on the obtained behavior profile, the Dynamic Graph Convolutional Neural Network (DGCNN) is proposed to extract the characteristics of APT IPs and classify them. With the flexible combination of different components in the model, the important information and behavior of APT attacks are captured, not only enhancing the accuracy of detecting attack campaigns but also reducing false predictions. The experimental results in the paper show that the method proposed in this study has brought better results than other approaches on all measurements. In particular, the accuracy of APT attack prediction results (Precision) reached from 84 to 91%, higher than other studies by over 7%. These experimental results have proven that the proposed BiADG model for detecting APT attacks in this study is proper and reasonable. In addition, those experimental results have not only proven the effectiveness and superiority of the proposed method in detecting APT attacks but have also opened up a new approach for the detection of other cyber-attacks such as distributed denial of service, botnets, malware, phishing, etc.
Journal Article
A New Approach for Network Steganography Detection based on Deep Learning Techniques
2021
One of the techniques that current cyber-attack methods often use to steal and transmit data out of a system is to hide secret data in packets. This is the network steganography technique. Because millions of packets are sent and received every hour in internet activity, it is very difficult to detect the theft and transmission of system data out using this form. Recent approaches often seek ways to compute and extract abnormal behaviors of packets to detect a steganography protocol or technique. However, such methods have the difficult problem of not being able to detect abnormal packets when an attacker uses other steganography techniques. To solve the above problem, this paper proposes a network steganography detection method using deep learning techniques. The highlight of this study is a set of newly proposed features based on different components of the packet. By combining these many components, this proposal will not only provide the ability to detect many steganography techniques in the network, but also improve the ability to accurately detect abnormal packets. Besides, this study proposes to use deep learning for the task of detecting normal and abnormal packets. The authors want to take advantage of the big data analysis and processing capabilities of deep learning models in order to improve the ability to analyze and detect network steganography techniques. The experimental results in Section IV.D have proved the effectiveness of this proposed method compared with other approaches.
Journal Article
A new approach for APT malware detection based on deep graph network for endpoint systems
2022
The form of spreading malware through end-users and thereby escalating and stealing data in organizations is one of the attack techniques widely used by Advanced Persistent Threat (APT) attackers today. Therefore, the task of timely detecting and warning about APT malware on the workstation is an important and necessary issue, because if this task is successful, it will prevent the whole APT attack campaign on the system. To accomplish this purpose, this study proposes a method of detecting APT malware on the workstation based on analyzing the behavior profile of malware using a deep learning graph network. Accordingly, the proposed method includes two main tasks: (i) building behavior profiles of malware: for this task, behavior profiles will be built based on the process of gathering and evaluating Event IDs from the kernel of the workstation. The result of this process of building behavior profiles is the set of processes and labels of each process performed by executable files. The label value is normal, malicious, suspicious, or unknown; (ii) detecting malware based on analyzing behavior profiles using a graph network: for this task, based on the behavior profiles built in task (i), we evaluate and analyze these behavior profiles with the Graph Isomorphism Network (GIN) deep learning graph network method. The results of this behavior profile classification will be used as a basis to conclude which behavior profiles were generated by APT malware and which behavior profiles are normal. The method of detecting APT malware on the workstation based on analyzing behavior profiles using a graph network is a novel method. According to our survey, up to now, this method has not been proposed or applied in any research. The experimental results in Section 4.3 of the paper have shown the remarkable efficiency of our proposed method. With such results, this proposal has not only scientific but also practical significance.
The method of using graph networks to analyze and evaluate behavior profiles helps improve the efficiency of the process of analyzing and detecting APT malware on the workstation.
Journal Article
A novel approach for software vulnerability detection based on intelligent cognitive computing
2023
Improving and enhancing the effectiveness of software vulnerability detection methods is urgently needed today. In this study, we propose a new source code vulnerability detection method based on intelligent and advanced computational algorithms. It is a combination of four main processing techniques: (i) Source Embedding, (ii) Feature Learning, (iii) Resampling Data, and (iv) Classification. The Source Embedding method performs the task of analyzing and standardizing the source code based on the Joern tool and the data mining algorithm. The Feature Learning model has the function of aggregating and extracting source code attributes based on nodes using machine learning and deep learning methods. The Resampling Data technique performs equalization of the experimental dataset. Finally, the Classification model has the function of detecting source code vulnerabilities. The novelty and uniqueness of the new intelligent cognitive computing method is the combination and synchronous use of many different data extraction techniques to compute, represent, and extract the properties of the source code. With this new calculation method, many significant unusual properties and features of the vulnerability have been synthesized and extracted. To prove the superiority of the proposed method, we experiment with detecting source code vulnerabilities on the Verum dataset; details of this part are presented in the experimental section. The experimental results show that the method proposed in the paper has brought good results on all measures. According to our survey to date, these results are the best research results for the source code vulnerability detection task using the Verum dataset.
With such results, the proposal in this study is meaningful not only in terms of science but also in practical terms, since the method of using intelligent cognitive computing techniques to analyze and evaluate source code has helped to improve the efficiency of the source code analysis and vulnerability detection process.
Journal Article
A Proposal to Improve the Bit Plane Steganography based on the Complexity Calculation Technique
2021
The video steganography technique is widely studied and applied today because of its benefits. In particular, the video steganography technique using Bit-Plane Complexity Segmentation (BPCS) has increasingly proven its effectiveness compared to other methods. In this paper, based on the theoretical basis of the BPCS method, we propose a new method to improve the efficiency of the steganography process. Accordingly, our proposal in this paper is to improve the complexity formula of the bit planes. Our new formula has not only improved the steganographic thresholds in the bit planes to find more planes for hiding secret information, but also ensured the amount of information hidden in the video and its safety. The experimental results in the paper have not only demonstrated the effectiveness of our proposed method but also provided a new mechanism for digital image analysis in general and video steganography techniques in particular.
Journal Article
An adaptive anomaly request detection framework based on dynamic web application profiles
by Xuan, Cho Do; Dinh, Hoa Nguyen; Nguyen, Nam in Anomalies, Applications programs, Compatibility
2020
A web application firewall is a highly effective application for protecting the application layer and database layer of websites from attack access. This paper proposes a new web application firewall deployment method based on the Dynamic Web application profiling (DWAP) analysis technique. This is a method to deploy a firewall based on analyzing website access data. DWAP is improved to integrate deeply into the structure of the website to increase the compatibility of the anomaly detection system with each website, thereby improving the ability to detect abnormal requests. To improve the compatibility of the web application firewall with protected objects, the proposed system consists of two parts whose main tasks are: i) detecting abnormal access in web application (WA) access; ii) semi-automatically updating the attack data in the abnormal access detection system during WA access. This new method is applicable in real-time detection systems where updating of new attack data is essential, since web attacks are increasingly complex and sophisticated.
Journal Article