Modern Information Technology, 2025, Vol. 9, Issue 12: 171-174, 183, 5. DOI: 10.19850/j.cnki.2096-4706.2025.12.033
Research on APT Attack Provenance and Detection Mechanism Driven Based on Graph Neural Network
张靓 1, 李成 1, 陈晓博 1, 李保珂 1, 刘可欣 1
Author information
- 1. Kunlun Digital Technology Co., Ltd., Beijing 102206
Abstract
Aiming at the challenges of high false alarm rate and poor scalability in large-scale network attack provenance, an Advanced Persistent Threat (APT) intrusion detection system based on provenance graph and Graph Neural Network is constructed. Firstly, a typical attack provenance graph is constructed through the system log. Secondly, the semantic encoder is used to capture the basic semantic attributes and the temporal sequence of events in the provenance graph. Thirdly, a context encoder based on Graph Neural Network is used to effectively encode local and global graph structures into node embeddings. Finally, the node embeddings generated during the training phase are quickly classified by the classifier. The algorithm achieves efficient processing of large-scale provenance graphs through Graph Neural Network, and takes into account the efficiency of data processing, which can be used for real-time detection of Advanced Persistent Threat. Compared with existing intrusion detection systems, the algorithm achieves higher detection accuracy on public test datasets, and shows better alarm efficiency and scalability.

Key words
provenance graph / Graph Neural Network / APT attack detection

Classification
Information Technology and Security Science

Cite this article
张靓, 李成, 陈晓博, 李保珂, 刘可欣. Research on APT Attack Provenance and Detection Mechanism Driven Based on Graph Neural Network [J]. Modern Information Technology, 2025, 9(12): 171-174, 183, 5.