Journal on Communications (通信学报), 2024, Vol. 45, Issue (3): 117-130, 14. DOI: 10.11959/j.issn.1000-436x.2024039
Construction of advanced persistent threat attack detection model based on provenance graph and attention mechanism
Li Yuancheng (李元诚) 1, Luo Hao (罗昊) 1, Wang Xinyu (王欣煜) 1, Yuan Jiexuan (原洁璇) 1
Author information
- 1. School of Control and Computer Engineering, North China Electric Power University, Beijing 102206
Abstract
In response to the difficulty existing attack detection methods have in dealing with advanced persistent threats (APT), which have longer durations and complex, covert attack methods, a model for APT attack detection based on attention mechanisms and provenance graphs was proposed. Firstly, provenance graphs describing system behavior were constructed from system audit logs. Then, an optimization algorithm was designed to reduce the scale of the provenance graphs without sacrificing key semantics. Afterward, a deep neural network (DNN) was utilized to convert the original attack sequence into a semantically enhanced feature vector sequence. Finally, an APT attack detection model named DAGCN was designed. An attention mechanism was applied to the traceback graph sequence. By allocating different weights to different positions in the input sequence and performing weight calculations, sequence feature information of sustained attacks could be extracted over a longer period of time, which effectively identified malicious nodes and reconstructed the attack process. The proposed model outperforms existing models in terms of recognition accuracy and other metrics. Experimental results on public APT attack datasets show that, compared with existing APT attack detection models, the accuracy of the proposed model in APT attack detection reaches 93.18%.

Key words
provenance graph / natural language processing / APT attack detection / attention mechanism

Classification
Information technology and security science

Cite this article
Li Yuancheng (李元诚), Luo Hao (罗昊), Wang Xinyu (王欣煜), Yuan Jiexuan (原洁璇). Construction of advanced persistent threat attack detection model based on provenance graph and attention mechanism[J]. Journal on Communications, 2024, 45(3): 117-130, 14.