Building a multi-agent system for APT detection

Intrusion Detection

Government and military networks have often been prime targets for malicious actors and the current security solutions have proven not to be sufficient any longer. It is reasonable to assume that sooner or later one or more hosts in our networks might and will be a victim of a targeted attack.

Our study builds upon what we accomplished so far in the previous years in developing the MASFAD framework, combining detection algorithms, found in scientific literature, with new algorithms, developed in the context of the study. Continuing our research and development we intend to focus on the following points:

• optimizing the detection capabilities
• extending with new pertinent state-of-the-art algorithms
• providing a robust Visual Analytics Graphical User Interface using “detection through visualization”
• incorporate security policies to protect our intrusion detection solution through spoofed data verification (via data agents) and detection of malicious code injection (via detection agents)
• adaptability to diverse environments and network architectures through techniques of parameter auto-tuning and automatic refinement

We aim to present a working operational product at the end of the project that can be used as a powerful stand-alone APT detection solution, or be used with already existing Intrusion Detection Systems.

Publications

• Georgi Nikolov, Thibault Debatty and Wim Mees. 2021. Deploying and testing the Multi Agent Ranking Framework
• Georgi Nikolov and Wim Mees. 2024. Detection of APTs through the use of Visual Analytics with the MASFAD framework