Tianqi Wu, Zhuo Lv, Daojuan Zhang, Kexiang Qian, Ming Wang
Published in: 2023 3rd International Symposium on Computer Technology and Information Science (ISCTIS), 2023-07-07
DOI: 10.1109/ISCTIS58954.2023.10213187 (https://doi.org/10.1109/ISCTIS58954.2023.10213187)
APT Attack Investigation via Fine-grained Sequence Construction and Learning
APT attack investigation aims to provide security investigators with a causal subgraph of the whole causal graph, so that they can analyze attacks more easily. However, existing methods either output subgraphs that miss critical attack steps, or output subgraphs that are too large and therefore hard to use. To address these limitations, we propose a new APT attack investigation approach based on fine-grained sequence construction and learning. Specifically, our approach is built upon the ATLAS framework and constructs more attack sequences at a finer granularity. It then learns attack behavior patterns from these constructed sequences. During inference, when presented with an attack symptom, our approach first predicts attack-related nodes in the causal graph and then constructs the causal subgraph from these nodes. To evaluate our method, we conduct experiments using a simulated environment and four real attacks. The results demonstrate the effectiveness of the proposed approach compared to the state-of-the-art method ATLAS.