Journal of Information Engineering University, 2025, Vol. 26, Issue 5: 568-574 (7 pages). DOI: 10.3969/j.issn.1671-0673.2025.05.010
A Real-time APT Detection Model for Entity Evolution in Provenance Graph
(Chinese title: 一种面向溯源图实体状态演化的实时APT检测模型, literally "a real-time APT detection model oriented to entity state evolution in provenance graphs")
Abstract
To address the alert delay of existing advanced persistent threat (APT) detection methods based on provenance graphs, a real-time detection scheme named StreamTGN is proposed, which relies on dynamic tracking of system entity states. An operational-level provenance graph with a higher information hierarchy is first constructed. The rationality of system activities is then analyzed dynamically through the state evolution of entities during system operation. Finally, abnormal behaviors potentially related to APT attacks are detected using dynamically set anomaly thresholds. Experimental results demonstrate that StreamTGN effectively handles the "low-and-slow" behavioral characteristics of APT attacks while exhibiting stronger detection stability and robustness than existing approaches.
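The abstract describes three ingredients: an operation-level provenance graph, per-entity state that evolves as events stream in, and a threshold that adapts instead of being fixed. The following is an added illustration, not code from the paper or from StreamTGN, of how those ingredients fit together in a streaming detector. It replaces the paper's temporal graph neural network with an assumed stand-in scorer (a smoothed-count novelty estimate on both the subject and the object side of each edge) and an assumed threshold rule (mean plus k standard deviations of recent scores); the entity names, event stream and the "shell reads /etc/shadow" anomaly are constructed for the example.

```python
# Added illustration for the abstract above: a minimal streaming detector that
# keeps per-entity state over an operation-level provenance graph and alerts on
# a self-adjusting threshold. It is NOT StreamTGN and uses no graph neural
# network; the smoothed-count novelty score and the mean + k*std threshold are
# stand-in assumptions chosen so the example runs offline.
import math
from collections import defaultdict, deque


class StreamingProvenanceDetector:
    """Scores each (subject, op, object) event the moment it arrives.

    Entity state = counts of operations each entity has performed (as subject)
    and received (as object). An event is unexpected if it is rare for BOTH
    sides, so a process touching a file it has never touched, which in turn has
    never been touched by that process, scores high even if each is busy.
    """

    def __init__(self, window=50, k=3.0, warmup=10):
        self.window, self.k, self.warmup = window, k, warmup
        # subject -> (op, object) -> count   and   object -> (op, subject) -> count
        self.out_counts = defaultdict(lambda: defaultdict(int))
        self.in_counts = defaultdict(lambda: defaultdict(int))
        self.fork_parent = {}                # child process -> parent process
        self.scores = deque(maxlen=window)   # recent scores feed the threshold
        self.alerts = []

    @staticmethod
    def _novelty(table, key):
        """-ln of an additively smoothed estimate that `key` occurs in `table`.

        n = events seen by this entity, d = distinct keys seen; an unseen key
        gets probability 1/(n + d + 1), so novelty grows with the history the
        entity already has (a fresh entity is not penalised for being fresh).
        """
        n = sum(table.values())
        d = len(table)
        return -math.log((table.get(key, 0) + 1) / (n + d + 1))

    def score(self, subject, op, obj):
        return (self._novelty(self.out_counts[subject], (op, obj))
                + self._novelty(self.in_counts[obj], (op, subject)))

    def threshold(self):
        """Dynamic threshold: mean + k*std of recent scores; None during warm-up."""
        if len(self.scores) < self.warmup:
            return None
        mean = sum(self.scores) / len(self.scores)
        var = sum((s - mean) ** 2 for s in self.scores) / len(self.scores)
        return mean + self.k * math.sqrt(var)

    def observe(self, ts, subject, op, obj):
        """Score the event against the state *before* it, then fold it in."""
        s = self.score(subject, op, obj)
        thr = self.threshold()
        flagged = thr is not None and s > thr
        self.out_counts[subject][(op, obj)] += 1
        self.in_counts[obj][(op, subject)] += 1
        if op == "fork":
            self.fork_parent[obj] = subject
        self.scores.append(s)
        if flagged:
            self.alerts.append({"ts": ts, "subject": subject, "op": op, "object": obj,
                                "score": round(s, 3), "threshold": round(thr, 3),
                                "lineage": self.lineage(subject)})
        return flagged

    def lineage(self, proc):
        """Process ancestry from recorded fork edges, nearest parent first."""
        chain, seen = [], {proc}
        while proc in self.fork_parent and self.fork_parent[proc] not in seen:
            proc = self.fork_parent[proc]
            chain.append(proc)
            seen.add(proc)
        return chain


# Constructed sample stream (not real telemetry). Processes are keyed by
# executable so state accumulates across sessions; sockets by remote address.
SESSION = [
    ("proc:sshd", "accept", "sock:203.0.113.7"),
    ("proc:sshd", "read", "file:/etc/shadow"),       # auth by sshd is normal
    ("proc:sshd", "fork", "proc:bash"),
    ("proc:bash", "read", "file:/etc/profile"),
    ("proc:bash", "read", "file:/home/alice/.bashrc"),
    ("proc:bash", "write", "file:/home/alice/.bash_history"),
]
ATTACK = ("proc:bash", "read", "file:/etc/shadow")  # credential access from a shell


def run_demo(benign_sessions=6):
    """Replay benign sessions, then one session with the anomalous read."""
    events = SESSION * benign_sessions + SESSION[:5] + [ATTACK] + SESSION[5:]
    det = StreamingProvenanceDetector()
    for ts, (subject, op, obj) in enumerate(events):
        det.observe(ts, subject, op, obj)
    return det


if __name__ == "__main__":
    for alert in run_demo().alerts:
        print(alert)
```

Two design points carry over to any real deployment of this idea. Scoring happens before the event is merged into entity state, so the alert is raised on the very event that deviates rather than after a batch window closes; this is what removes the alert delay the abstract refers to. And the threshold is recomputed from a sliding window of recent scores, so it rises during noisy periods and falls in quiet ones, but a window that is too short lets a slow attacker's own events pull the threshold up; the window length is therefore a security parameter, not a tuning detail.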
Keywords: APT detection / provenance graph / graph neural network / anomaly detection
Classification: Computer and Automation
Citation: 陈明豪 (Chen Minghao), 祝凯捷 (Zhu Kaijie). A Real-time APT Detection Model for Entity Evolution in Provenance Graph [J]. Journal of Information Engineering University, 2025, 26(5): 568-574.
Funding: National Natural Science Foundation of China (62302520, 62402524)