Building a multi-agent system for APT detection

Intrusion Detection

DAP/20-03

Finished

Defence Funded Research

December 2019 to December 2023

49 months

Georgi Nikolov

Government and military networks have long been prime targets for malicious actors, and current security solutions are no longer sufficient. It is reasonable to assume that, sooner or later, one or more hosts in our networks will be the victim of a targeted attack.

Our study builds upon what we accomplished in previous years in developing the MASFAD framework, which combines detection algorithms found in the scientific literature with new algorithms developed in the context of the study. Continuing our research and development, we intend to focus on the following points:

  • optimizing the detection capabilities
  • extending the framework with new, pertinent state-of-the-art algorithms
  • providing a robust Visual Analytics graphical user interface built on “detection through visualization”
  • incorporating security policies that protect the intrusion detection solution itself, through verification of spoofed data (via data agents) and detection of malicious code injection (via detection agents)
  • adapting to diverse environments and network architectures through parameter auto-tuning and automatic refinement

We aim to present a working operational product at the end of the project that can be used as a powerful stand-alone APT detection solution or alongside existing Intrusion Detection Systems.

Publications

MASFAD 2 at EDA CapTech Cyber

APT Detection MASFAD

Today we are proud to present the Multi-Agent System for APT Detection project (MASFAD 2) at the first meeting of the Capability Technology Area Cyber (CapTech Cyber) of the European Defence Agency (EDA).
