APT attack detection based on flow network analysis techniques using deep learning
Journal of Intelligent & Fuzzy Systems (IF 1.7), Pub Date: 2020-07-07, DOI: 10.3233/jifs-200694
Cho Do Xuan 1, 2 , Hoa Dinh Nguyen 1 , Mai Hoang Dao 1
Advanced Persistent Threat (APT) attacks are a form of malicious, deliberate and clearly targeted attack. This attack technique is growing both in the number of recorded attacks and in the extent of the danger it poses to organizations, businesses and governments. Therefore, detecting and warning of APT attacks in real systems is a pressing need today. One of the most effective approaches to APT attack detection is to apply machine learning or deep learning to analyze network traffic. There have been a number of studies and recommendations that analyze network traffic into network flows and then combine these with classification or clustering methods to look for signs of APT attacks. In particular, recent studies often apply machine learning algorithms to spot the presence of APT attacks based on network flows. In this paper, a new method based on deep learning to detect APT attacks using network flows is proposed. Accordingly, in our research, network traffic is analyzed into IP-based network flows, then the IP information is reconstructed from the flows, and finally deep learning models are used to extract features that distinguish APT attack IPs from other IPs. Additionally, a combined deep learning model using Bidirectional Long Short-Term Memory (BiLSTM) and Graph Convolutional Networks (GCN) is introduced. The new detection model is evaluated and compared with some traditional machine learning models, i.e. Multi-layer Perceptron (MLP) and single GCN models, in the experiments. Experimental results show that the BiLSTM-GCN model has the best performance on all evaluation scores. This not only shows that applying deep learning to flow network analysis to detect APT attacks is a good decision but also suggests a new direction for network intrusion detection techniques based on deep learning.
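The abstract describes a pipeline (traffic to IP-based flows, IP information reconstructed from the flows, then a BiLSTM over per-IP flow sequences and a GCN over the IP graph) without showing what those intermediate data structures look like. The following added example is not the paper's code; it is a stdlib-only illustration, written here, of the preprocessing stage: it turns constructed flow records (field layout and values are assumptions for the example) into the two inputs such a model would consume, per-IP node features with a GCN-style normalized adjacency matrix, and a time-ordered flow sequence per IP. The trained BiLSTM and GCN weights are out of scope; `gcn_propagate` only shows the parameter-free neighbourhood averaging that a GCN layer performs, so a reader can see how an IP's features get blended with those of the hosts it talks to.

```python
"""Flow-to-graph preprocessing for an IP-level APT detector (added illustration, not the paper's code).

Shows the two data views the abstract describes:
  (1) per-IP node features plus a normalized adjacency matrix (what a GCN consumes), and
  (2) a time-ordered sequence of flow vectors per IP (what a BiLSTM consumes).
The flow records and their field layout are constructed for this example.
"""
import math
from collections import defaultdict

# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port, packets, bytes).
# 10.0.0.5 fans out to several internal hosts on 445 and then pushes a large
# volume to one external address; the other rows are ordinary background traffic.
SAMPLE_FLOWS = [
    (100, "10.0.0.5", "10.0.0.20", 445, 12, 3400),
    (101, "10.0.0.5", "10.0.0.21", 445, 10, 3000),
    (102, "10.0.0.5", "10.0.0.22", 445, 9, 2800),
    (103, "10.0.0.5", "203.0.113.9", 443, 40, 90000),
    (104, "10.0.0.20", "10.0.0.5", 445, 8, 1200),
    (105, "10.0.0.7", "203.0.113.9", 443, 5, 800),
]

FEATURE_KEYS = ["out_flows", "in_flows", "bytes_out", "bytes_in", "peers", "dst_ports"]


def ip_node_features(flows):
    """Aggregate flows into one feature dict per IP (the 'IP information reconstructed from flows')."""
    feats = defaultdict(lambda: {"out_flows": 0, "in_flows": 0, "bytes_out": 0,
                                 "bytes_in": 0, "peers": set(), "dst_ports": set()})
    for _ts, src, dst, port, _pk, nbytes in flows:
        feats[src]["out_flows"] += 1
        feats[src]["bytes_out"] += nbytes
        feats[src]["peers"].add(dst)
        feats[src]["dst_ports"].add(port)
        feats[dst]["in_flows"] += 1
        feats[dst]["bytes_in"] += nbytes
        feats[dst]["peers"].add(src)
    # Collapse set-valued fields to counts so every node becomes a numeric vector;
    # an IP that is never a source has 0 distinct destination ports.
    return {ip: {**f, "peers": len(f["peers"]), "dst_ports": len(f["dst_ports"])}
            for ip, f in feats.items()}


def build_graph(flows):
    """Return (sorted node list, undirected 0/1 adjacency matrix) over all communicating IPs."""
    nodes = sorted({ip for _, s, d, *_ in flows for ip in (s, d)})
    idx = {ip: i for i, ip in enumerate(nodes)}
    n = len(nodes)
    adj = [[0] * n for _ in range(n)]
    for _, s, d, *_ in flows:
        adj[idx[s]][idx[d]] = 1
        adj[idx[d]][idx[s]] = 1
    return nodes, adj


def normalize_adjacency(adj):
    """Symmetric normalization D^-1/2 (A + I) D^-1/2 as in the standard GCN layer (Kipf & Welling, 2017)."""
    n = len(adj)
    a_hat = [[adj[i][j] + (1 if i == j else 0) for j in range(n)] for i in range(n)]
    deg = [sum(row) for row in a_hat]  # self-loop guarantees deg >= 1, so no division by zero
    return [[a_hat[i][j] / math.sqrt(deg[i] * deg[j]) for j in range(n)] for i in range(n)]


def node_feature_matrix(flows, nodes):
    """Node feature matrix X aligned with the node order used by build_graph."""
    feats = ip_node_features(flows)
    return [[feats[ip][k] for k in FEATURE_KEYS] for ip in nodes]


def gcn_propagate(adj_norm, x):
    """One parameter-free GCN propagation step H = A_norm X: each node blends its neighbourhood's features."""
    n, k = len(x), len(x[0])
    return [[sum(adj_norm[i][j] * x[j][c] for j in range(n)) for c in range(k)] for i in range(n)]


def flow_sequence(flows, ip):
    """Time-ordered per-flow vectors for one IP: [outbound flag, dst_port, packets, bytes] (BiLSTM input)."""
    seq = []
    for _ts, s, d, port, pk, nbytes in sorted(flows):  # tuples sort by timestamp first
        if ip == s:
            seq.append([1, port, pk, nbytes])
        elif ip == d:
            seq.append([0, port, pk, nbytes])
    return seq


if __name__ == "__main__":
    nodes, adj = build_graph(SAMPLE_FLOWS)
    x = node_feature_matrix(SAMPLE_FLOWS, nodes)
    h = gcn_propagate(normalize_adjacency(adj), x)
    for ip, raw, smoothed in zip(nodes, x, h):
        print(ip, raw, [round(v, 1) for v in smoothed])
    print("10.0.0.5 sequence:", flow_sequence(SAMPLE_FLOWS, "10.0.0.5"))
```

In a real deployment the flow export (e.g. NetFlow or Zeek conn logs) replaces `SAMPLE_FLOWS`, the node feature matrix and normalized adjacency feed the GCN, and each IP's `flow_sequence` feeds the BiLSTM; the per-IP label (APT IP or not) is what the model is trained to predict. Note that the raw byte counts dominate the other features in magnitude, so a practitioner would scale columns before training.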

Updated: 2020-07-07