Using deep learning methods to detect APT attacks

Authors

  • I. O. Kuznietsov, Vasyl' Stus Donetsk National University

Keywords:

APT attacks, deep learning, cybersecurity, system activity, machine learning, recurrent neural networks

Abstract

This qualification (bachelor's) work investigates the use of deep learning methods for detecting APT attacks. It analyses APT models, in particular the Cyber Kill Chain model, and modern approaches to detecting such attacks. A method for detecting APT attacks at the operating system level using clustering methods is proposed. An experimental software package has been developed to emulate the behaviour of system users and to apply deep learning methods, in particular recurrent neural networks, to effectively detect malicious activity. The experiments demonstrated the high efficiency of the proposed solutions, with malicious activity detected at an accuracy of up to 92%.

Published

2025-10-06

Issue

Section

Specialty 125 Cybersecurity