
Research on an APT attack detection model integrating provenance graphs and knowledge graphs

安渊 鲍永庆

网络安全与数据治理 (Cyber Security and Data Governance), 2026, Vol. 45, Issue (3): 10-16, 7. DOI: 10.19358/j.issn.2097-1788.2026.03.002

Research on an APT attack detection model integrating provenance graphs and knowledge graphs

安渊 (1), 鲍永庆 (2)

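Author information

  • 1. Tibet Sub-center of the National Computer Network Emergency Response Technical Team/Coordination Center of China, Lhasa, Tibet 850000
  • 2. Office of the Cyberspace Affairs Commission of the Tibet Autonomous Region Committee of the Communist Party of China, Lhasa, Tibet 850000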

Abstract

Advanced Persistent Threat (APT) attacks, characterized by strong concealment, long duration, and multistage progressive patterns, were addressed by a novel detection model. The model was constructed through the fusion of dynamic system behavior provenance graphs with static threat intelligence knowledge graphs. Spatial dependencies and temporal evolution relationships within attack chains were jointly modeled using spatial-temporal graph attention networks. Suspicious associations between entities were captured through graph attention mechanisms, while stage-wise evolution of behavioral sequences was modeled using gated recurrent units, enabling end-to-end detection of complete APT attack chains. Experiments on the public Windows-APTs Dataset 2025 demonstrated that the proposed model performed well in the APT multi-classification detection task, with an accuracy of 95.14% and an F1-score of 95.29%.

Key words

APT attack detection / provenance graph / knowledge graph

Classification

Information technology and security science

Cite this article

安渊, 鲍永庆. Research on an APT attack detection model integrating provenance graphs and knowledge graphs [J]. 网络安全与数据治理, 2026, 45(3): 10-16, 7.

网络安全与数据治理, ISSN 2097-1788
