Affiliation:
1. College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China
Abstract
Complex multi-stage cyberattacks have become more common in recent years, and audit log data are a good source of information for monitoring them online. Predicting cyber threat events from audit logs, however, remains an open research problem. This paper analyses the audit log information of advanced persistent threats (APTs) and combines causal graphs with deep learning to perform predictive analysis of APT activity. The study focuses on two methods of constructing malicious activity scenarios: malicious entity evolving graphs and malicious entity neighborhood graphs. Deep learning networks then learn from past malicious activity scenarios and predict specific malicious attack events. To validate the approach, audit log data published by DARPA's Transparent Computing program and restored by ATLAS are used to report the confidence of the prediction results and to recommend the most probable malicious events as a Top-N ranking.
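The two scenario constructions named in the abstract, as an added toy illustration that is not the paper's code and makes no claim about its exact algorithms: audit events are reduced to (timestamp, subject, operation, object) tuples, a "neighborhood graph" is the k-hop BFS ball around a seed entity in the provenance graph, and an "evolving graph" is the per-time-window sequence of events touching a taint set that grows forward along information flow from the seed. The event schema, the read-versus-write flow rule, the window size and the sample log are all assumptions of this example; the sample is constructed and is not DARPA TC / ATLAS data.

```python
"""Toy provenance-graph scenario builder (added example, not the paper's code).

Events are (timestamp, subject, operation, object); entity names carry a type
prefix (proc:, file:, ip:). Everything here is an assumption for illustration.
"""
from collections import defaultdict, deque

# Constructed sample audit log (NOT DARPA TC / ATLAS data): a browser drops and
# executes a payload, which collects data and exfiltrates it; sshd is unrelated noise.
EVENTS = [
    (1, "proc:firefox", "read", "file:/home/u/mail.eml"),
    (2, "proc:firefox", "connect", "ip:203.0.113.5:443"),
    (3, "proc:firefox", "write", "file:/tmp/payload.exe"),
    (4, "proc:firefox", "exec", "proc:payload.exe"),
    (5, "proc:payload.exe", "connect", "ip:198.51.100.7:4444"),
    (6, "proc:payload.exe", "read", "file:/etc/passwd"),
    (7, "proc:payload.exe", "write", "file:/tmp/loot.tgz"),
    (8, "proc:sshd", "read", "file:/etc/ssh/sshd_config"),
    (9, "proc:payload.exe", "exec", "proc:nc"),
    (10, "proc:nc", "connect", "ip:198.51.100.7:4444"),
]


def build_graph(events):
    """Adjacency list of the provenance graph, stored in both directions so the
    neighborhood search is undirected; edge labels (op, t) are kept."""
    adj = defaultdict(list)
    for t, src, op, dst in events:
        adj[src].append((dst, op, t))
        adj[dst].append((src, op, t))
    return adj


def neighborhood_graph(events, seed, k):
    """Malicious-entity neighborhood graph: all entities within k hops of seed (BFS)."""
    adj = build_graph(events)
    seen = {seed}
    frontier = deque([(seed, 0)])
    while frontier:
        node, depth = frontier.popleft()
        if depth == k:
            continue
        for nb, _op, _t in adj[node]:
            if nb not in seen:
                seen.add(nb)
                frontier.append((nb, depth + 1))
    return seen


def flow(src, op, dst):
    """Assumed information-flow rule: a read moves data object -> subject,
    every other operation moves data subject -> object."""
    return (dst, src) if op == "read" else (src, dst)


def evolving_graph(events, seed, window):
    """Malicious-entity evolving graph: for each time window, the events that touch
    the taint set, with taint propagated forward along information flow.
    Returns (snapshots, tainted); snapshots maps window index -> [(src, op, dst)]."""
    tainted = {seed}
    snapshots = defaultdict(list)
    for t, src, op, dst in sorted(events):          # time order matters for taint
        if src in tainted or dst in tainted:
            snapshots[(t - 1) // window].append((src, op, dst))
            flow_src, flow_dst = flow(src, op, dst)
            if flow_src in tainted:
                tainted.add(flow_dst)
    return dict(snapshots), tainted


def window_op_sequences(snapshots):
    """Per-window operation lists in time order: the token sequence a sequence
    model (e.g. an LSTM) would be fed."""
    return [[op for _s, op, _d in snapshots[w]] for w in sorted(snapshots)]


def training_pairs(window_ops):
    """(history of windows, next window's ops): learn from the past scenario,
    predict the next malicious event(s)."""
    return [(window_ops[:i], window_ops[i]) for i in range(1, len(window_ops))]


if __name__ == "__main__":
    print("1-hop neighborhood of payload:", sorted(neighborhood_graph(EVENTS, "proc:payload.exe", 1)))
    snaps, tainted = evolving_graph(EVENTS, "proc:firefox", window=3)
    for w in sorted(snaps):
        print("window", w, snaps[w])
    print("tainted:", sorted(tainted))
    for history, nxt in training_pairs(window_op_sequences(snaps)):
        print(history, "->", nxt)
```

Note how the unrelated sshd event is excluded by both constructions: it is more than two hops from the payload in the neighborhood graph, and it never touches the taint set in the evolving graph. In practice the window size and the flow rule (whether a read taints the reader, whether a connect taints the remote host) decide how quickly taint explodes across a real host, which is the usual scalability problem with provenance-based scenario extraction.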
Funder
National Key Research and Development Program of China
National Natural Science Foundation of China
Subject
Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering
Cited by
1 article.
1. Financial Anti-Fraud Based on Dual-Channel Graph Attention Network;Journal of Theoretical and Applied Electronic Commerce Research;2024-02-02