APT Attack Detection Method Based on Traceability Graph
DOI: https://doi.org/10.62517/jike.202404215
Author(s)
Yihan Yin, Xiangjie He, Yiwei Liao
Affiliation(s)
Institute of Computer Science and Information Engineering, Harbin Normal University, Harbin, China
Abstract
This article proposes an Advanced Persistent Threat (APT) attack detection method based on traceability graphs (provenance graphs), aimed at the complexity and concealment of APT attacks. The method describes system behavior by constructing a traceability graph, reduces redundant information in the graph, converts the resulting sequence of graphs into a sequence of feature vectors, and trains a GRU (Gated Recurrent Unit) encoder-decoder model to extract long-term features of that sequence. Finally, a model of normal behavior is built by clustering, and windows of behavior that deviate from it are flagged as APT attacks.
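As an added illustration of the pipeline the abstract describes (this is not the authors' code), the following Python sketch builds a provenance graph from audit events, collapses redundant edges, turns each time window into a relation-kind histogram, and clusters the normal windows to score new ones. The GRU encoder-decoder stage is omitted: per-window vectors are clustered directly, so the long-term sequence modelling the paper relies on is not represented here. Every audit record, process name and address below is constructed for the example; the leader-clustering rule and the 1.0 radius are assumptions, not values from the paper.

```python
"""Added example (not the paper's code): a minimal provenance-graph anomaly
detector following the abstract's pipeline, with the GRU encoder-decoder
stage left out (per-window feature vectors are clustered directly).
All audit events below are constructed by hand, not taken from a real trace."""
from collections import Counter, defaultdict
import math

UNSEEN = ("*", "unseen", "*")  # bucket for relation kinds absent from training

# Constructed audit records: (window_id, subject, operation, object).
# A node's type is the prefix before ':' (proc, file, socket).
NORMAL_TRACE = [
    (0, "proc:sshd", "read", "file:/etc/ssh/sshd_config"),
    (0, "proc:sshd", "read", "file:/etc/ssh/sshd_config"),  # duplicate edge, collapsed
    (0, "proc:sshd", "fork", "proc:bash"),
    (0, "proc:bash", "read", "file:/etc/profile"),
    (1, "proc:bash", "exec", "proc:ls"),
    (1, "proc:ls", "read", "file:/home/u"),
    (1, "proc:ls", "write", "file:/dev/pts/0"),
    (2, "proc:bash", "exec", "proc:cat"),
    (2, "proc:cat", "read", "file:/etc/hosts"),
    (2, "proc:cat", "write", "file:/dev/pts/0"),
]
TEST_TRACE = [
    (8, "proc:bash", "exec", "proc:ls"),                    # benign window
    (8, "proc:ls", "read", "file:/var/log"),
    (8, "proc:ls", "write", "file:/dev/pts/0"),
    (9, "proc:bash", "exec", "proc:curl"),                  # constructed attack window
    (9, "proc:curl", "connect", "socket:203.0.113.5:443"),
    (9, "proc:curl", "write", "file:/tmp/.x"),
    (9, "proc:bash", "exec", "proc:/tmp/.x"),
    (9, "proc:/tmp/.x", "read", "file:/etc/shadow"),
    (9, "proc:/tmp/.x", "connect", "socket:203.0.113.5:443"),
]


def node_type(node):
    return node.split(":", 1)[0]


def build_graph(events):
    """Provenance graph as an edge multiset. Repeated identical
    (subject, op, object) edges collapse into one edge with a count:
    the redundancy-reduction step of the abstract."""
    edges = Counter()
    for _, subj, op, obj in events:
        edges[(subj, op, obj)] += 1
    return edges


def graph_sequence(events):
    """Split a trace into time windows and build one graph per window."""
    by_window = defaultdict(list)
    for ev in events:
        by_window[ev[0]].append(ev)
    return [build_graph(by_window[w]) for w in sorted(by_window)]


def relation_vocab(graphs):
    """Fixed feature layout: every (src_type, op, dst_type) seen in training,
    plus one bucket for kinds never seen (an attack often introduces those)."""
    kinds = {(node_type(s), op, node_type(d)) for g in graphs for (s, op, d) in g}
    return sorted(kinds) + [UNSEEN]


def graph_to_vector(edges, vocab):
    """Histogram of relation kinds, one count per distinct edge."""
    index = {k: i for i, k in enumerate(vocab)}
    vec = [0.0] * len(vocab)
    for (s, op, d) in edges:
        vec[index.get((node_type(s), op, node_type(d)), index[UNSEEN])] += 1
    return vec


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class NormalModel:
    """Leader clustering over normal-window vectors (assumed, not the paper's
    clustering): a window joins the first leader within `radius`, otherwise it
    becomes a new leader. A test window is anomalous if its nearest leader is
    farther than `radius`."""

    def __init__(self, radius):
        self.radius = radius
        self.leaders = []

    def fit(self, vectors):
        for v in vectors:
            if not self.leaders or self.score(v) > self.radius:
                self.leaders.append(v)
        return self

    def score(self, v):
        return min(euclid(v, c) for c in self.leaders)

    def is_anomalous(self, v):
        return self.score(v) > self.radius


def detect(normal_trace, test_trace, radius=1.0):
    """Train on the normal trace; return (window_id, score, anomalous) per test window."""
    train_graphs = graph_sequence(normal_trace)
    vocab = relation_vocab(train_graphs)
    model = NormalModel(radius).fit([graph_to_vector(g, vocab) for g in train_graphs])
    results = []
    for w, g in zip(sorted({e[0] for e in test_trace}), graph_sequence(test_trace)):
        v = graph_to_vector(g, vocab)
        results.append((w, round(model.score(v), 3), model.is_anomalous(v)))
    return results


if __name__ == "__main__":
    for w, s, flag in detect(NORMAL_TRACE, TEST_TRACE):
        print(f"window {w}: distance {s}  {'ANOMALOUS' if flag else 'normal'}")
```

The unseen-relation bucket is the part worth keeping even in a richer implementation: a histogram built only from training-time relation kinds silently drops the new edge types (here, process-to-socket connects) that an intrusion tends to introduce, which is exactly the signal the detector needs. In this constructed trace window 8 lands at distance 0 from a normal leader and window 9 at about 2.24, beyond the radius.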
Keywords
Traceability Graph; APT Attack; Attack Detection; Sequence Signature