PTIT Knowledge Portal


A new framework for APT attack detection based on network traffic


Nguyễn Đình Hóa, Đỗ Xuân Chợ, Nguyễn Hoa Cương, Nguyễn Thành Long

Advanced Persistent Threat (APT) attack detection and monitoring has attracted a lot of attention recently, as this type of cyber-attack is growing in both number and level of danger. In this paper, a new APT attack detection model is proposed, which is the combination of three different neural network layers: a Multi-layer Perceptron (MLP), an Inference (I) layer, and a Graph Convolutional Network (GCN). The new model is named MIG for short. In this model, the MLP layer is in charge of aggregating and extracting properties of the IPs based on the network flows in the network traffic, while the Inference layer is responsible for building IP information profiles by grouping and concatenating the network flows generated from the same IP. Finally, the GCN layer is used for analyzing and reconstructing IP features based on the behavior extraction process applied to the IP information records. The APT attack detection method based on network traffic using this MIG model is new, and has not yet been proposed or applied anywhere. The novelty and uniqueness of this method lie in the combination of many different data mining techniques in order to calculate, extract and represent the relationship and the correlation between APT attack behaviors based on network traffic. In the MIG model, many meaningful anomalous properties and behaviors of APT attacks are synthesized and extracted, which helps improve the performance of APT attack detection. The experimental results showed that the proposed method is meaningful in both theory and practice, since the MIG model not only improves the ability to correctly detect APT attacks in network traffic but also minimizes false alarms.

Published in:

Journal of Intelligent & Fuzzy Systems

Publication date:

2023

DOI:

10.3233/JIFS-221055


Publisher:

IOS Press

Location:


Keywords:

APT attacks, behavior profile, inference, graph convolutional neural network, graph analysis

Related papers

Hoàng Trọng Minh, Lương Đức Thuận, Nguyễn Hồng Đức, Trần Thị Thanh Thủy
Lê Thị Trang Linh, Nguyễn Minh Quý, Hoàng Trọng Minh
Bui Van Cong, Ma Công Thanh, Dao Hoang Mai, Đỗ Xuân Chợ
Đỗ Xuân Chợ, Nguyễn Duy Phương, Đào Ngọc Phong