{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T00:26:49Z","timestamp":1767832009736,"version":"3.49.0"},"reference-count":38,"publisher":"SAGE Publications","issue":"3","license":[{"start":{"date-parts":[[2022,3,1]],"date-time":"2022-03-01T00:00:00Z","timestamp":1646092800000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No.61772229"],"award-info":[{"award-number":["No.61772229"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No.62072208"],"award-info":[{"award-number":["No.62072208"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012326","name":"International Science and Technology Cooperation Projects of Jilin Province","doi-asserted-by":"publisher","award":["No.20210402082GH"],"award-info":[{"award-number":["No.20210402082GH"]}],"id":[{"id":"10.13039\/501100012326","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["International Journal of Distributed Sensor Networks"],"published-print":{"date-parts":[[2022,3]]},"abstract":"<jats:p> In recent years, the Internet of Things has been widely used in modern life. Advanced persistent threats are long-term network attacks on specific targets with attackers using advanced attack methods. The Internet of Things targets have also been threatened by advanced persistent threats with the widespread application of Internet of Things. The Internet of Things device such as sensors is weaker than host in security. 
In the field of advanced persistent threat detection, most works used machine learning methods, whether for host-based detection or network-based detection. However, models using machine learning methods lack robustness because they can be attacked easily by adversarial examples. In this article, we summarize the characteristics of advanced persistent threat traffic and propose the algorithm to make adversarial examples for the advanced persistent threat detection model. We first train advanced persistent threat detection models using different machine learning methods, among which the highest F1-score is 0.9791. Then, we use the algorithm proposed to grey-box attack one of the models and the detection success rate of the model drops from 98.52% to 1.47%. We prove that advanced persistent threat adversarial examples are transitive and we successfully black-box attack other models according to this. The detection success rate of the attacked model with the best attacked effect dropped from 98.66% to 0.13%. 
<\/jats:p>","DOI":"10.1177\/15501329221080417","type":"journal-article","created":{"date-parts":[[2022,3,2]],"date-time":"2022-03-02T11:33:58Z","timestamp":1646220838000},"page":"155013292210804","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":8,"title":["Exploring the vulnerability in the inference phase of advanced persistent threats"],"prefix":"10.1177","volume":"18","author":[{"given":"Qi","family":"Wu","sequence":"first","affiliation":[{"name":"College of Software, Jilin University, Changchun, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7510-4718","authenticated-orcid":false,"given":"Qiang","family":"Li","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Jilin University, Changchun, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1341-6390","authenticated-orcid":false,"given":"Dong","family":"Guo","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Technology, Jilin University, Changchun, China"}]},{"given":"Xiangyu","family":"Meng","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Jilin University, Changchun, China"}]}],"member":"179","published-online":{"date-parts":[[2022,3,2]]},"reference":[{"key":"bibr1-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.07.001"},{"key":"bibr2-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2891891"},{"key":"bibr3-15501329221080417","unstructured":"Radware. Protecting what you can\u2019t see: eliminating security blind spots in an age of technological change global application & network security report, 2020, https:\/\/www.radware.com\/ert-report-2020\/"},{"key":"bibr4-15501329221080417","unstructured":"National Security Agency (NSA) and Federal Bureau of Investigation (FBI). 
Russian GRU 85th GTsSS deploys previously undisclosed Drovorub Malware, 2020, https:\/\/media.defense.gov\/2020\/Aug\/13\/2002476465\/-1\/-1\/0\/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF"},{"key":"bibr5-15501329221080417","volume-title":"2019 15th International conference on network and service management","author":"Bian H"},{"key":"bibr6-15501329221080417","first-page":"242","volume-title":"2019 IEEE 44th conference on local computer networks","author":"Bai T"},{"key":"bibr7-15501329221080417","doi-asserted-by":"publisher","DOI":"10.3390\/s19143180"},{"key":"bibr8-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.06.055"},{"issue":"11","key":"bibr9-15501329221080417","first-page":"1","volume":"36","author":"Yu F","year":"2015","journal-title":"J Commun"},{"key":"bibr10-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2015.2458581"},{"key":"bibr11-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1155\/2017\/4916953"},{"key":"bibr12-15501329221080417","unstructured":"Schindler T. Anomaly detection in log data using graph databases and machine learning to defend advanced persistent threats. arXiv preprint arXiv:180200259, 2018."},{"key":"bibr13-15501329221080417","unstructured":"Goodfellow IJ, Shlens J, Szegedy C. Explaining and harnessing adversarial examples. arXiv preprint arXiv:14126572, 2014."},{"key":"bibr14-15501329221080417","unstructured":"Kurakin A, Goodfellow I, Bengio S. Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533, 2016."},{"key":"bibr15-15501329221080417","first-page":"231","volume-title":"2020 IEEE\/CVF Conference on computer vision and pattern recognition (CVPR)","author":"Zhou MY"},{"key":"bibr16-15501329221080417","unstructured":"Xia F, Liu R. Adversarial examples generation and defense based on generative adversarial network. 
arXiv preprint arXiv:171200170, 2016."},{"key":"bibr17-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_4"},{"key":"bibr18-15501329221080417","unstructured":"Hu W, Tan Y. Generating adversarial malware examples for black-box attacks based on GAN. arXiv preprint arXiv:170205983, 2017."},{"key":"bibr19-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2021.3054356"},{"key":"bibr20-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.6001."},{"key":"bibr21-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-70713-2_61"},{"key":"bibr22-15501329221080417","first-page":"1","volume":"2020","author":"Wu Y","year":"2020","journal-title":"Secur Commun Netw"},{"key":"bibr23-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1155\/2014\/425731"},{"key":"bibr24-15501329221080417","first-page":"580","volume-title":"2014 IEEE conference on computer vision and pattern recognition (CVPR)","author":"Girshick R"},{"key":"bibr25-15501329221080417","volume-title":"Proceedings of the IEEE conference on computer vision and pattern recognition","author":"He K"},{"key":"bibr26-15501329221080417","unstructured":"Simonyan K, Zisserman A. Very deep convolutional networks for large-scale image recognition. 
arXiv preprint arXiv:14091556, 2014."},{"key":"bibr27-15501329221080417","volume-title":"Proceedings of the 8th international symposium on visualization for cyber security","author":"Nataraj L"},{"key":"bibr28-15501329221080417","volume-title":"Workshops at the thirty-second AAAI conference on artificial intelligence","author":"Raff E"},{"key":"bibr29-15501329221080417","first-page":"103","volume-title":"Proceedings of the 2018 13th international conference on malicious and unwanted software (MALWARE)","author":"Alsulami B"},{"key":"bibr30-15501329221080417","first-page":"2871","volume-title":"Proceedings of the twenty-ninth AAAI conference on artificial intelligence","author":"Mei SK"},{"key":"bibr31-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1109\/TEVC.2019.2890858"},{"key":"bibr32-15501329221080417","unstructured":"Klassen F. Tcpreplay, https:\/\/tcpreplay.appneta.com\/wiki\/captures.html"},{"key":"bibr33-15501329221080417","unstructured":"Mila. Collection of Pcap files from malware analysis, 2015, http:\/\/contagiodump.blogspot.com\/2013\/04\/collection-of-pcap-files-from-malware.html"},{"key":"bibr34-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-017-1256-y"},{"key":"bibr35-15501329221080417","first-page":"64","volume-title":"IWSPA\u201916: proceedings of the 2016 ACM international workshop on security and privacy analytics","author":"Siddiqui S"},{"key":"bibr36-15501329221080417","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(11)70086-1"},{"key":"bibr37-15501329221080417","doi-asserted-by":"publisher","DOI":"10.30574\/gjeta.2020.2.2.0007"},{"key":"bibr38-15501329221080417","unstructured":"Grosse K, Manoharan P, Papernot N, et al. On the (statistical) detection of adversarial examples. 
arXiv preprint arXiv:170206280, 2017."}],"container-title":["International Journal of Distributed Sensor Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/15501329221080417","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/journals.sagepub.com\/doi\/full-xml\/10.1177\/15501329221080417","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/15501329221080417","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,3,2]],"date-time":"2022-03-02T11:34:27Z","timestamp":1646220867000},"score":1,"resource":{"primary":{"URL":"http:\/\/journals.sagepub.com\/doi\/10.1177\/15501329221080417"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3]]},"references-count":38,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2022,3]]}},"alternative-id":["10.1177\/15501329221080417"],"URL":"https:\/\/doi.org\/10.1177\/15501329221080417","relation":{},"ISSN":["1550-1329","1550-1477"],"issn-type":[{"value":"1550-1329","type":"print"},{"value":"1550-1477","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,3]]}}}