@Article{iasc.2023.036946, AUTHOR = {U. Sakthivelu, C. N. S. Vinoth Kumar}, TITLE = {Advanced Persistent Threat Detection and Mitigation Using Machine Learning Model}, JOURNAL = {Intelligent Automation \& Soft Computing}, VOLUME = {36}, YEAR = {2023}, NUMBER = {3}, PAGES = {3691--3707}, URL = {http://www.techscience.com/iasc/v36n3/51951}, ISSN = {2326-005X}, ABSTRACT = {The detection of cyber threats has recently been a crucial research domain as the internet and data drive people’s livelihood. Several cyber-attacks lead to the compromise of data security. The proposed system offers complete data protection from Advanced Persistent Threat (APT) attacks with attack detection and defence mechanisms. The modified lateral movement detection algorithm detects the APT attacks, while the defence is achieved by the Dynamic Deception system that makes use of the belief update algorithm. Before termination, every cyber-attack undergoes multiple stages, with the most prominent stage being Lateral Movement (LM). The LM uses a Remote Desktop protocol (RDP) technique to authenticate the unauthorised host leaving footprints on the network and host logs. An anomaly-based approach leveraging the RDP event logs on Windows is used for detecting the evidence of LM. After extracting various feature sets from the logs, the RDP sessions are classified using machine-learning techniques with high recall and precision. It is found that the AdaBoost classifier offers better accuracy, precision, F1 score and recall recording 99.9%, 99.9%, 0.99 and 0.98%. Further, a dynamic deception process is used as a defence mechanism to mitigate APT attacks. A hybrid encryption communication, dynamic (Internet Protocol) IP address generation, timing selection and policy allocation are established based on mathematical models. A belief update algorithm controls the defender’s action. The performance of the proposed system is compared with the state-of-the-art models.}, DOI = {10.32604/iasc.2023.036946} }