Detecting advanced persistent threats via casual graph neural network

Zhida Guo; Xiaoli Li; Haobin Shen; Xiaolu Zhang; Wanji Wang; Dehua Xie

doi:10.1117/12.3052125

15 January 2025 Detecting advanced persistent threats via casual graph neural network

Zhida Guo, Xiaoli Li, Haobin Shen, Xiaolu Zhang, Wanji Wang, Dehua Xie

Author Affiliations +

Proceedings Volume 13516, Fourth International Conference on Network Communication and Information Security (ICNCIS 2024); 135160Z (2025) https://doi.org/10.1117/12.3052125
Event: International Conference on Network Communication and Information Security (ICNCIS 2024), 2024, Hangzhou, China

Abstract

APT attacks are highly dangerous and covert, making them difficult to detect using conventional security measures. Causal analysis based on trace graphs has become a common method for APT detection. However, previous work has encountered several issues, such as the inability to fully utilize contextual information from trace graphs, the requirement for prior records of APT attacks, and excessive computational overhead. This paper proposes an effective self-supervised learning-based method for APT detection. By leveraging provenance graphs and graph representation learning techniques, this method enables multi-granularity detection and effectively accomplishes the task of system anomaly detection. The model adopts outlier detection techniques, enabling APT detection at both the entity level and batch log level. We evaluated our method on three public datasets, and the results demonstrate that our approach achieves optimal detection performance while significantly outperforming existing APT detection methods in terms of computational overhead.

(2025) Published by SPIE. Downloading of the abstract is permitted for personal use only.

Citation Download Citation

Zhida Guo, Xiaoli Li, Haobin Shen, Xiaolu Zhang, Wanji Wang, and Dehua Xie "Detecting advanced persistent threats via casual graph neural network", Proc. SPIE 13516, Fourth International Conference on Network Communication and Information Security (ICNCIS 2024), 135160Z (15 January 2025); https://doi.org/10.1117/12.3052125

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

;

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
7 PAGES

DOWNLOAD PAPER SAVE TO MY LIBRARY

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Network security

Information security

Neural networks

Computer security

Systems modeling

RELATED CONTENT

Learning consensus in adversarial environments
Proceedings of SPIE (May 17 2013)

Computer application software development technology based on artificial intelligence
Proceedings of SPIE (March 18 2022)

Research on prediction of security corresponding frequency based on GRU
Proceedings of SPIE (November 10 2022)

Assessment and management of security risks in accounting information systems...
Proceedings of SPIE (January 16 2025)

A vector relational data modeling approach to Insider threat intelligence
Proceedings of SPIE (May 12 2016)

Security assurances for intelligent complex systems
Proceedings of SPIE (April 30 2007)

Semantic policy and adversarial modeling for cyber threat identification and...
Proceedings of SPIE (April 29 2009)

Subscribe to Digital Library

Receive Erratum Email Alert

Keywords/Phrases

Search In:

Publication Years