Abstract
Current Advanced Persistent Threat (APT) attack detection methods have two shortcomings: they do not detect potential APT attack threats, and they struggle to reach high detection accuracy when APT attack samples are scarce. To address both, a Sample Enhanced Multi-Stage APT Attack Detection Network (SE-ADN) is proposed. A Sequence Generative Adversarial Network (seqGAN) is used to generate simulated attack encoder sequences, which are constructed from malicious traffic. The multi-stage APT attack sequence samples are thereby enhanced, increasing the number of samples and improving the diversity of sample traffic features. A multi-stage APT attack detection network is then proposed that uses the attack features of each stage to strengthen detection awareness and improve detection accuracy for potential APT attacks. Experimental results show that SE-ADN performs well on two benchmark datasets and outperforms the comparison methods in detecting multiple types of potential APT attacks.
Acknowledgment
This work was supported by the National Natural Science Foundation of China (No. U1833107).
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Xie, L., Li, X., Yang, H., Zhang, L. (2022). A Multi-stage APT Attack Detection Method Based on Sample Enhancement. In: Chen, X., Shen, J., Susilo, W. (eds) Cyberspace Safety and Security. CSS 2022. Lecture Notes in Computer Science, vol 13547. Springer, Cham. https://doi.org/10.1007/978-3-031-18067-5_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-18066-8
Online ISBN: 978-3-031-18067-5