Construction of advanced persistent threat attack detection model based on provenance graph and attention mechanism
To address the difficulty that existing attack detection methods have in dealing with advanced persistent threats (APTs), which have longer durations and use complex and covert attack methods, a model for APT attack detection based on attention mechanisms and provenance graphs was proposed. Firstly, provenance graphs t...
Main Authors: | Yuancheng LI, Hao LUO, Xinyu WANG, Jiexuan YUAN |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2024-03-01 |
Series: | Tongxin xuebao |
Subjects: | provenance graph; natural language processing; APT attack detection; attention mechanism |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024039/ |
_version_ | 1841540053548924928 |
---|---|
author | Yuancheng LI Hao LUO Xinyu WANG Jiexuan YUAN |
collection | DOAJ |
description | To address the difficulty that existing attack detection methods have in dealing with advanced persistent threats (APTs), which have longer durations and use complex and covert attack methods, a model for APT attack detection based on attention mechanisms and provenance graphs was proposed. Firstly, provenance graphs that described system behavior were constructed from system audit logs. Then, an optimization algorithm was designed to reduce the scale of the provenance graphs without sacrificing key semantics. Afterward, a deep neural network (DNN) was utilized to convert the original attack sequence into a semantically enhanced feature vector sequence. Finally, an APT attack detection model named DAGCN was designed. An attention mechanism was applied to the traceback graph sequence. By allocating different weights to different positions in the input sequence and performing weight calculations, sequence feature information of sustained attacks could be extracted over a longer period of time, which effectively identified malicious nodes and reconstructed the attack process. The proposed model outperforms existing models in terms of recognition accuracy and other metrics. Experimental results on public APT attack datasets show that, compared with existing APT attack detection models, the accuracy of the proposed model in APT attack detection reaches 93.18%. |
format | Article |
id | doaj-art-81c808f39dfd414fa3f1d95977bb53f4 |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2024-03-01 |
publisher | Editorial Department of Journal on Communications |
record_format | Article |
series | Tongxin xuebao |
title | Construction of advanced persistent threat attack detection model based on provenance graph and attention mechanism |
topic | provenance graph; natural language processing; APT attack detection; attention mechanism |
url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024039/ |