LTRDetector: Exploring Long-Term Relationship for Advanced Persistent Threats Detection

• URL: http://arxiv.org/abs/2404.03162v1
• Date: Thu, 4 Apr 2024 02:30:51 GMT
• Title: LTRDetector: Exploring Long-Term Relationship for Advanced Persistent Threats Detection
• Authors: Xiaoxiao Liu, Fan Xu, Nan Wang, Qinxin Zhao, Dalin Zhang, Xibin Zhao, Jiqiang Liu,
• Abstract summary: Advanced Persistent Threat (APT) is challenging to detect due to prolonged duration, infrequent occurrence, and adept concealment techniques. Existing approaches primarily concentrate on the observable traits of attack behaviors, neglecting the intricate relationships formed throughout the persistent attack lifecycle. We present an innovative APT detection framework named LTRDetector, implementing an end-to-end holistic operation.
• Score: 20.360010908574303
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Advanced Persistent Threat (APT) is challenging to detect due to prolonged duration, infrequent occurrence, and adept concealment techniques. Existing approaches primarily concentrate on the observable traits of attack behaviors, neglecting the intricate relationships formed throughout the persistent attack lifecycle. Thus, we present an innovative APT detection framework named LTRDetector, implementing an end-to-end holistic operation. LTRDetector employs an innovative graph embedding technique to retain comprehensive contextual information, then derives long-term features from these embedded provenance graphs. During the process, we compress the data of the system provenance graph for effective feature learning. Furthermore, in order to detect attacks conducted by using zero-day exploits, we captured the system's regular behavior and detects abnormal activities without relying on predefined attack signatures. We also conducted extensive evaluations using five prominent datasets, the efficacy evaluation of which underscores the superiority of LTRDetector compared to existing state-of-the-art techniques.

Related papers

• Slot: Provenance-Driven APT Detection through Graph Reinforcement Learning [26.403625710805418]
  Advanced Persistent Threats (APTs) represent sophisticated cyberattacks characterized by their ability to remain undetected for extended periods. We propose Slot, an advanced APT detection approach based on provenance graphs and graph reinforcement learning. We show Slot's outstanding accuracy, efficiency, adaptability, and robustness in APT detection, with most metrics surpassing state-of-the-art methods.
  arXiv  Detail & Related papers  (2024-10-23T14:28:32Z)
• Accurate and Scalable Detection and Investigation of Cyber Persistence Threats [6.426529295074839]
  This paper introduces Cyber Persistence Detector (CPD), a novel system dedicated to detecting cyber persistence through provenance analytics. CPD discerns setups signaling an impending persistent threat and then traces processes linked to remote connections to identify persistence execution activities. We propose a novel alert triage algorithm that further reduces false positives associated with persistence threats.
  arXiv  Detail & Related papers  (2024-07-26T15:51:49Z)
• RAPID: Robust APT Detection and Investigation Using Context-Aware Deep Learning [26.083244046813512]
  We introduce a novel deep learning-based method for robust APT detection and investigation. By utilizing self-supervised sequence learning and iteratively learned embeddings, our approach effectively adapts to dynamic system behavior. Our evaluation demonstrates RAPID's effectiveness and computational efficiency in real-world scenarios.
  arXiv  Detail & Related papers  (2024-06-08T05:39:24Z)
• Sequential Attention Source Identification Based on Feature Representation [88.05527934953311]
  This paper proposes a sequence-to-sequence based localization framework called Temporal-sequence based Graph Attention Source Identification (TGASI) based on an inductive learning idea. It's worth mentioning that the inductive learning idea ensures that TGASI can detect the sources in new scenarios without knowing other prior knowledge.
  arXiv  Detail & Related papers  (2023-06-28T03:00:28Z)
• TBDetector:Transformer-Based Detector for Advanced Persistent Threats with Provenance Graph [17.518551273453888]
  We propose TBDetector, a transformer-based advanced persistent threat detection method for APT attack detection. Provenance graphs provide rich historical information and have the powerful attacks historic correlation ability. To evaluate the effectiveness of the proposed method, we have conducted experiments on five public datasets.
  arXiv  Detail & Related papers  (2023-04-06T03:08:09Z)
• PULL: Reactive Log Anomaly Detection Based On Iterative PU Learning [58.85063149619348]
  We propose PULL, an iterative log analysis method for reactive anomaly detection based on estimated failure time windows. Our evaluation shows that PULL consistently outperforms ten benchmark baselines across three different datasets.
  arXiv  Detail & Related papers  (2023-01-25T16:34:43Z)
• ReDFeat: Recoupling Detection and Description for Multimodal Feature Learning [51.07496081296863]
  We recouple independent constraints of detection and description of multimodal feature learning with a mutual weighting strategy. We propose a detector that possesses a large receptive field and is equipped with learnable non-maximum suppression layers. We build a benchmark that contains cross visible, infrared, near-infrared and synthetic aperture radar image pairs for evaluating the performance of features in feature matching and image registration tasks.
  arXiv  Detail & Related papers  (2022-05-16T04:24:22Z)
• A Rule Mining-Based Advanced Persistent Threats Detection System [2.75264806444313]
  Advanced persistent threats (APT) are stealthy cyber-attacks aimed at stealing valuable information from target organizations. Provenance-tracking and trace mining are considered promising as they can help find causal relationships between activities and flag suspicious event sequences as they occur. We introduce an unsupervised method that exploits OS-independent features reflecting process activity to detect realistic APT-like attacks from provenance traces.
  arXiv  Detail & Related papers  (2021-05-20T22:13:13Z)
• No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems [95.54151664013011]
  We present a novel framework to generate adversarial spoofing signals that violate physical properties of the system. We analyze four anomaly detectors published at top security conferences.
  arXiv  Detail & Related papers  (2020-12-07T11:02:44Z)
• Graph Backdoor [53.70971502299977]
  We present GTA, the first backdoor attack on graph neural networks (GNNs) GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features. It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
  arXiv  Detail & Related papers  (2020-06-21T19:45:30Z)
• Adversarial vs behavioural-based defensive AI with joint, continual and active learning: automated evaluation of robustness to deception, poisoning and concept drift [62.997667081978825]
  Recent advancements in Artificial Intelligence (AI) have brought new capabilities to behavioural analysis (UEBA) for cyber-security. In this paper, we present a solution to effectively mitigate this attack by improving the detection process and efficiently leveraging human expertise.
  arXiv  Detail & Related papers  (2020-01-13T13:54:36Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.