DFA-AD: a distributed framework architecture for the detection of advanced persistent threats

Pradip Kumar Sharma, Seo Yeon Moon, Daesung Moon, Jong Hyuk Park*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

37 Citations (Scopus)


Advanced persistent threats (APTs) are target-oriented and advanced cyber-attacks which often leverage the bot control and customized malware techniques in order to control and remotely access valuable information. APTs generally use various attack techniques to gain access to the unauthorized system and then progressively spread throughout the network. The prime objectives of APT attacks are to steal intellectual property, legal documents, sensitive internal business and other data. If an attack is successfully launched on a system, the timely detection of attack is extremely important to stop APTs from further spreading and for mitigating its impact. On the other hand, internet of things (IoT) devices quickly become ubiquitous while IoT services become pervasive. Their prosperity has not gone unnoticed, and the number of attacks and threats against IoT devices and services are also increasing. Cyber-attacks are not new to IoT, but as the IoT will be deeply intertwined in our societies and lives, it becomes essential to take cyber defense seriously. In this paper, we propose a novel distributed framework architecture for the detection of APTs named as distributed framework architecture for APTs detection (DFA-AD), which is a promising basis for modern intrusion detection systems. In contrast to other approaches, the DFA-AD technique for detecting APT attack is based on multiple parallel classifiers, which classify the events in a distributed environment and event correlation among those events. Each classifier method is focused on detecting the APT’s attack technique independently. The evaluation results show that the proposed approach achieves greater effectiveness and accuracy.

Original languageEnglish
Pages (from-to)597-609
Number of pages13
JournalCluster Computing
Early online date20 Dec 2016
Publication statusPublished - 2017

Bibliographical note

This work was supported by Institute for Information & communications Technology Promotion (IITP) Grant funded by the Korea government (MSIP) (No.R-20160222-002755, Cloud based Security Intelligence Technology Development for the Customized Security Service Provisioning.


  • Advanced persistent threats
  • Classification and regression trees
  • Dynamic Bayesian game model
  • Genetic programming
  • Internet of things
  • Support vector machines


Dive into the research topics of 'DFA-AD: a distributed framework architecture for the detection of advanced persistent threats'. Together they form a unique fingerprint.

Cite this