Tongxin xuebao (Dec 2022)

Multi-stage detection method for APT attack based on sample feature reinforcement

  • Lixia XIE,
  • Xueou LI,
  • Hongyu YANG,
  • Liang ZHANG,
  • Xiang CHENG

Journal volume & issue
Vol. 43
pp. 66 – 76

Abstract

Current APT attack detection methods have difficulty perceiving the diversity of stage flow features, and generally struggle to detect long-duration APT attack sequences and potential APT attacks with different attack stages. To address these problems, a multi-stage detection method for APT attacks based on sample feature reinforcement was proposed. Firstly, the malicious flow was divided into different attack stages, and APT attack identification sequences were constructed by analyzing the characteristics of the APT attack. In addition, a sequence generative adversarial network was used to simulate the generation of identification sequences in the multiple stages of APT attacks. Sample feature reinforcement was achieved by increasing the number of sequence samples in different stages, which improved the diversity of multi-stage sample features. Finally, a multi-stage detection network was proposed. Based on the multi-stage perceptual attention mechanism, attention was computed over the extracted multi-stage flow features and identification sequences to obtain the stage feature vectors. The feature vectors were used as auxiliary information and spliced with the identification sequences. This enhanced the detection model’s perception ability in different stages and improved the detection accuracy. The experimental results show that the proposed method has remarkable detection effects on two benchmark datasets and performs better on multi-class potential APT attacks than other models.

Keywords