Abstract
Many sophisticated attacks, e.g. Advanced Persistent Threats (APTs), have emerged in a variety of attack forms. An APT employs a wide range of sophisticated reconnaissance and information-gathering tools, as well as attack tools and methods. The diversity and stealthiness of APTs make them a challenging threat to current networking systems. The attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect invaluable Current commonly used solutions (firewalls, Intrusion Detection Systems, proxies, etc.) show limited efficiency in detecting APTs. Thus, in this paper, we design a solution based on multi-source data combination that learns the adversarial behavior of suspicious users and optimally selects a proper countermeasure.