A Multi-stage APT Attack Detection Method Based on Sample Enhancement

Xie, Lixia; Li, Xueou; Yang, Hongyu; Zhang, Liang

doi:10.1007/978-3-031-18067-5_15

Lixia Xie¹⁰,
Xueou Li¹⁰,
Hongyu Yang^10,11 &
…
Liang Zhang¹²

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13547))

Included in the following conference series:

International Symposium on Cyberspace Safety and Security

835 Accesses

Abstract

In order to solve the problems that the current Advanced Persistent Threat (APT) attack detection methods lack the detection of potential APT attack threats, and are difficult to obtain high detection accuracy in the case of smaller APT attack samples, a Sample Enhanced Multi-Stage APT Attack Detection Network (SE-ADN) is proposed. Sequence Generative Adversarial Network (seqGAN) is used to simulate the generative attack encoder sequences, which are constructed by malicious traffic. The samples of multi-stage APT attack sequences are enhanced to increase the number of samples and improve the diversity of sample traffic features. A multi-stage APT attack detection network is proposed, which uses the attack features of each stage to enhance the detection awareness ability and improve the detection accuracy of the potential APT attack. The experimental results show that SE-ADN performs well on two benchmark datasets, and is better than the comparison methods in detecting multiple types of potential APT attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Stojanović, B.F., Hofer-Schmitz, K.S., Kleb, U.T.: APT datasets and attack modeling for automated detection methods: a review. Comput. Secur. 92, 101734–101752 (2020)
Article Google Scholar
Alshamrani, A.F., Myneni, S.S., Chowdhary, A.T.: A survey on advanced persistent threats: techniques, solutions, challenges, and research opportunities. IEEE Commun. Surv. Tutorials 21(2), 1851–1877 (2019)
Article Google Scholar
Coulter, R.F., Zhang, J.S., Pan, L.T., Xiang, Y.F.: Domain adaptation for Windows advanced persistent threat detection. Comput. Secur. 112, 102496–102510 (2022)
Article Google Scholar
Coulter, R.F., Zhang, J.S., Pan, L.T., Xiang, Y.F.: Unmasking windows advanced persistent threat execution. In: Wang, G.F., Ko, R.S. (eds.) Proceedings of 19th International Conference on Trust, Security and Privacy in Computing and Communications 2020. LNCS, vol. 19, pp. 268–276. IEEE, Piscataway (2020)
Google Scholar
Lin, G.F., Wen, S.S., Han, Q.L.: Software vulnerability detection using deep neural networks: a survey. Proc. IEEE 108(10), 1825–1848 (2020)
Article Google Scholar
Liu, H.F., Wu, T.S., Shen, J.T.: Advanced persistent threat detection based on generative adversarial networks and long short-term memory. Comput. Sci. 47(1), 281–286 (2020)
Google Scholar
Dong, J.F.: Research on generation and detection of APT attack sequence based on GAN. Harbin Engineering University, pp. 857–916 (2020)
Google Scholar
Joloudari, J.F., Haderbadi, M.S., Mashmool, A.T.: Early detection of the advanced persistent threat attack using performance analysis of deep learning. IEEE Access 8(8), 186125–186137 (2020)
Article Google Scholar
Do, X.F., Dao, M.S., Nguyen, H.T.: APT attack detection based on flow network analysis techniques using deep learning. J. Intell. Fuzzy Syst. 39(3), 4785–4801 (2020)
Article Google Scholar
Sharafaldin, I.F., Lashkari, A.S., Ghorbani, A.T.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP, vol. 1, pp. 108–116 (2018)
Google Scholar
Myneni, S., et al.: DAPT 2020 - constructing a benchmark dataset for advanced persistent threats. In: Wang, G., Ciptadi, A., Ahmadzadeh, A. (eds.) MLHat 2020. CCIS, vol. 1271, pp. 138–163. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59621-7_8
Chapter Google Scholar

Download references

Acknowledgment

This work was supported by the National Natural Science Foundation of China (No. U1833107).

Author information

Authors and Affiliations

School of Computer Science and Technology, Civil Aviation University of China, Tianjin, 300300, China
Lixia Xie, Xueou Li & Hongyu Yang
School of Safety Science and Engineering, Civil Aviation University of China, Tianjin, 300300, China
Hongyu Yang
School of Information, The University of Arizona, Tucson, AZ, 85721, USA
Liang Zhang

Authors

Lixia Xie
View author publications
You can also search for this author in PubMed Google Scholar
Xueou Li
View author publications
You can also search for this author in PubMed Google Scholar
Hongyu Yang
View author publications
You can also search for this author in PubMed Google Scholar
Liang Zhang
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hongyu Yang .

Editor information

Editors and Affiliations

Xidian University, Xi'an, China
Xiaofeng Chen
Nanjing University of Information Science, Nanjing, China
Jian Shen
University of Wollongong, Wollongong, NSW, Australia
Willy Susilo

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Xie, L., Li, X., Yang, H., Zhang, L. (2022). A Multi-stage APT Attack Detection Method Based on Sample Enhancement. In: Chen, X., Shen, J., Susilo, W. (eds) Cyberspace Safety and Security. CSS 2022. Lecture Notes in Computer Science, vol 13547. Springer, Cham. https://doi.org/10.1007/978-3-031-18067-5_15

Download citation

DOI: https://doi.org/10.1007/978-3-031-18067-5_15
Published: 29 September 2022
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-18066-8
Online ISBN: 978-3-031-18067-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics