DeepAG: Attack Graph Construction and Threats Prediction With Bi-Directional Deep Learning
IEEE Transactions on Dependable and Secure Computing (2023)
Abstract
Complicated multi-step attacks, such as Advanced Persistent Threats (APTs), pose considerable threats to cybersecurity because they are inherently varied and complex. Studying the strategies of adversaries and predicting their next steps therefore remain significant challenges for attack prevention. To address these problems, we propose DeepAG, a framework that uses system logs to detect threats and predict attack paths. DeepAG applies transformer models to detect APT attack sequences in a novel way, by modeling the semantic information of system logs. In addition, DeepAG uses a Long Short-Term Memory (LSTM) network for bi-directional prediction of attack paths, which achieves higher performance than a traditional BiLSTM. Combining the detected attack sequences with the predicted paths, DeepAG constructs the attack graphs that attackers may follow to compromise the network. Furthermore, DeepAG provides an Out-Of-Vocabulary (OOV) word processor and an online update mechanism so that it can adapt to new attack patterns that appear during the detection and prediction stages. Experiments on open-source data sets show that more than 99% of over 15000 sequences are detected accurately by DeepAG. Moreover, DeepAG improves prediction accuracy over the baseline by 11.166%.
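The abstract describes three building blocks without giving their internals: mapping log events to a vocabulary with an OOV slot, and merging detected attack sequences with predicted paths into an attack graph. The following is an added, simplified illustration of those ideas and is not code from the paper; the event names, the edge-count graph representation and the greedy path walk are all assumptions made here.

```python
from collections import defaultdict

OOV = "<OOV>"  # reserved slot for events never seen during training


def build_vocab(sequences):
    """Index every event seen in training; id 0 is reserved for OOV events."""
    vocab = {OOV: 0}
    for seq in sequences:
        for ev in seq:
            vocab.setdefault(ev, len(vocab))
    return vocab


def encode(seq, vocab):
    """Map events to ids; an unseen event maps to the OOV id instead of failing."""
    return [vocab.get(ev, vocab[OOV]) for ev in seq]


def build_attack_graph(detected, predicted):
    """Directed graph where edge a -> b is weighted by how often b follows a
    across both detected attack sequences and predicted attack paths."""
    graph = defaultdict(lambda: defaultdict(int))
    for seq in list(detected) + list(predicted):
        for a, b in zip(seq, seq[1:]):
            graph[a][b] += 1
    return graph


def most_likely_path(graph, start, max_len=6):
    """Greedy walk along the heaviest outgoing edge; stops at a sink, a cycle,
    or max_len events (a simplification of the paper's learned prediction)."""
    path = [start]
    while len(path) < max_len and graph.get(path[-1]):
        nxt = max(graph[path[-1]].items(), key=lambda kv: kv[1])[0]
        if nxt in path:
            break
        path.append(nxt)
    return path


# Constructed sample sequences of abstract attack stages (not the paper's data).
DETECTED = [
    ["phish_open", "macro_exec", "powershell", "cred_dump", "lateral_smb"],
    ["phish_open", "macro_exec", "powershell", "c2_beacon"],
]
PREDICTED = [["powershell", "cred_dump", "lateral_smb", "exfil_https"]]

if __name__ == "__main__":
    vocab = build_vocab(DETECTED)
    print(encode(["phish_open", "unseen_tool"], vocab))  # unseen_tool -> 0 (OOV)
    print(most_likely_path(build_attack_graph(DETECTED, PREDICTED), "phish_open"))
```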
Keywords
Attack prediction, deep learning, transformer, LSTM, attack graph