LTRDetector: Exploring Long-Term Relationship for Advanced Persistent Threats Detection
CoRR(2024)
摘要
Advanced Persistent Threat (APT) is challenging to detect due to prolonged
duration, infrequent occurrence, and adept concealment techniques. Existing
approaches primarily concentrate on the observable traits of attack behaviors,
neglecting the intricate relationships formed throughout the persistent attack
lifecycle. Thus, we present an innovative APT detection framework named
LTRDetector, implementing an end-to-end holistic operation. LTRDetector employs
an innovative graph embedding technique to retain comprehensive contextual
information, then derives long-term features from these embedded provenance
graphs. During the process, we compress the data of the system provenance graph
for effective feature learning. Furthermore, in order to detect attacks
conducted by using zero-day exploits, we captured the system's regular behavior
and detects abnormal activities without relying on predefined attack
signatures. We also conducted extensive evaluations using five prominent
datasets, the efficacy evaluation of which underscores the superiority of
LTRDetector compared to existing state-of-the-art techniques.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要