DOI | https://doi.org/10.1109/TrustCom53373.2021.00102 |
---|
Author | Mamun, Mohammad (1); Shi, Kevin (1) |
---|
Affiliation | (1) National Research Council of Canada. Digital Technologies |
---|
Format | Text, Article |
---|
Conference | 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), October 20-22, 2021, Shenyang, China |
---|
Subject | APT; anomaly detection; process tree; deep learning; host-based telemetry |
---|
Abstract | APT, known as Advanced Persistent Threat, is a difficult challenge for cyber defence. These threats make many traditional defences ineffective, as the vulnerabilities exploited by these threats are insiders who have access to, and are within, the network. This paper proposes DeepTaskAPT, a heterogeneous task-tree-based deep learning method that constructs a baseline model from sequences of tasks using a Long Short-Term Memory (LSTM) neural network, which can be applied across different users to identify anomalous behaviour. Rather than applying the model to sequential log entries directly, as most current approaches do, DeepTaskAPT applies a process-tree-based task generation method to generate the sequential log entries for the deep learning model. To assess the performance of DeepTaskAPT, we use a recently released synthetic dataset, the DARPA Operationally Transparent Computing (OpTC) dataset, and a real-world dataset, the Los Alamos National Laboratory (LANL) dataset. Both are composed of host-based data collected from sensors. Our results show that DeepTaskAPT outperforms similar approaches, e.g. DeepLog, and that the DeepTaskAPT baseline model demonstrates its capability to detect malicious traces in various attack scenarios while having high accuracy and low false-positive rates. To the best of our knowledge, this is the very first attempt at using the recently introduced OpTC dataset for cyber threat detection. |
---|
Publication date | 2021-10 |
---|
Publisher | IEEE |
---|
Language | English |
---|
Peer reviewed | Yes |
---|
Record identifier | d9436ded-1a58-46ff-b58a-a47db495378a |
---|
Record created | 2022-05-09 |
---|
Record modified | 2022-05-09 |
---|
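The abstract's central preprocessing idea, grouping flat host telemetry into per-task sequences by walking the process tree instead of feeding the time-ordered log stream to the model, can be shown on a small constructed input. The block below is an added illustration and is not the authors' DeepTaskAPT code or the NRC project's code. It assumes a simplified event schema (`ts`, `pid`, `ppid`, `obj`, `action`) that is constructed here and is not the OpTC or LANL record layout, and it uses an add-one-smoothed bigram model as a stand-in for the paper's LSTM so that it runs offline; the interleaved sample events are also constructed.

```python
"""Process-tree task generation over flat host telemetry, with a toy baseline.

Added illustration, not the DeepTaskAPT implementation. The event schema is a
constructed simplification (not the OpTC/LANL layout), and the bigram scorer
stands in for the paper's LSTM so the block runs offline.
"""
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int        # constructed monotonic timestamp
    pid: int       # acting process; for PROCESS:CREATE, the newly created process
    ppid: int      # parent of pid; for PROCESS:CREATE, the creating process
    obj: str       # object type, e.g. "PROCESS", "FILE", "FLOW"
    action: str    # action on the object, e.g. "CREATE", "WRITE", "START"

    @property
    def key(self) -> str:
        """Log key used as the sequence token, e.g. 'FILE:WRITE'."""
        return f"{self.obj}:{self.action}"


# Constructed sample telemetry: a user shell (pid 100) and a backup service
# (pid 200) run concurrently, so pure time order interleaves two unrelated tasks.
SAMPLE_EVENTS = [
    Event(1, 100, 1, "PROCESS", "CREATE"),    # shell session root
    Event(2, 200, 1, "PROCESS", "CREATE"),    # backup service root
    Event(3, 101, 100, "PROCESS", "CREATE"),  # shell spawns an editor
    Event(4, 201, 200, "PROCESS", "CREATE"),  # backup spawns an archiver
    Event(5, 101, 100, "FILE", "WRITE"),
    Event(6, 201, 200, "FILE", "READ"),
    Event(7, 201, 200, "FLOW", "START"),      # archiver uploads
    Event(8, 101, 100, "FILE", "WRITE"),
    Event(9, 102, 100, "PROCESS", "CREATE"),  # shell spawns a browser
    Event(10, 102, 100, "FLOW", "START"),
]


def build_process_tree(events):
    """Parent map and children map from PROCESS:CREATE events."""
    parent, children = {}, defaultdict(list)
    for e in events:
        if e.obj == "PROCESS" and e.action == "CREATE":
            parent[e.pid] = e.ppid
            children[e.ppid].append(e.pid)
    return parent, children


def task_roots(parent):
    """A task root is a created process whose parent was never itself created in the data."""
    return sorted(p for p, pp in parent.items() if pp not in parent)


def subtree(children, root):
    """All pids reachable from root, root included (iterative DFS)."""
    stack, seen = [root], set()
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend(children.get(p, []))
    return seen


def generate_tasks(events):
    """Map each task root pid to the time-ordered keys of events in its subtree."""
    parent, children = build_process_tree(events)
    ordered = sorted(events, key=lambda e: e.ts)
    return {root: [e.key for e in ordered if e.pid in subtree(children, root)]
            for root in task_roots(parent)}


def time_ordered_keys(events):
    """What a direct log-line model sees: one global stream mixing all tasks."""
    return [e.key for e in sorted(events, key=lambda e: e.ts)]


class BigramBaseline:
    """Count-based next-key model; a stand-in for the LSTM (assumption, not the paper's model)."""
    START = "<s>"

    def __init__(self):
        self.counts = defaultdict(lambda: defaultdict(int))
        self.vocab = set()

    def fit(self, sequences):
        for seq in sequences:
            prev = self.START
            for k in seq:
                self.counts[prev][k] += 1
                self.vocab.add(k)
                prev = k
        return self

    def log_prob(self, prev, key):
        row = self.counts.get(prev, {})
        total = sum(row.values())
        # Add-one smoothing over the vocabulary plus one slot for unseen keys.
        return math.log((row.get(key, 0) + 1) / (total + len(self.vocab) + 1))

    def score(self, seq):
        """Mean negative log-likelihood per transition; higher means more surprising."""
        prev, nll = self.START, 0.0
        for k in seq:
            nll -= self.log_prob(prev, k)
            prev = k
        return nll / max(len(seq), 1)


def flag_anomalous(model, training_tasks, candidates, factor=1.2):
    """Flag candidate task ids whose score exceeds factor x the worst training score."""
    threshold = factor * max(model.score(s) for s in training_tasks.values())
    return sorted(tid for tid, seq in candidates.items() if model.score(seq) > threshold)


if __name__ == "__main__":
    tasks = generate_tasks(SAMPLE_EVENTS)
    print("global stream:", time_ordered_keys(SAMPLE_EVENTS))
    for root, seq in tasks.items():
        print(f"task {root}:", seq)
    model = BigramBaseline().fit(tasks.values())
    probe = {"suspect": ["FLOW:START", "FILE:WRITE", "FILE:WRITE", "FLOW:START"], **tasks}
    print("flagged:", flag_anomalous(model, tasks, probe))
```

Running it prints the mixed global stream next to the two clean per-task sequences, then flags only the constructed "suspect" task, which opens a network flow before any process creation and never appears in the baseline. The threshold factor is an arbitrary constructed value; in practice it would be chosen against a held-out set of benign tasks, since the abstract's claim of low false-positive rates depends on that calibration.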