Litcius/Paper detail

TREC: APT Tactic / Technique Recognition via Few-Shot Provenance Subgraph Learning

Mingqi Lv, HongZhe Gao, Xuebo Qiu, Tieming Chen, Tiantian Zhu, Jinyin Chen, Shouling Ji

202419 citationsDOIOpen Access PDF

Abstract

APT (Advanced Persistent Threat) with the characteristics of persistence, stealth, and diversity is one of the greatest threats against cyber-infrastructure. As a countermeasure, existing studies leverage provenance graphs to capture the complex relations between system entities in a host for effective APT detection. In addition to detecting single attack events as most existing work does, understanding the tactics / techniques (e.g., Kill-Chain, ATT&CK) applied to organize and accomplish the APT attack campaign is also important for security operations. Existing studies try to manually design a set of rules to map low-level system events to high-level APT tactics / techniques. However, the rule based methods are coarse-grained and lack generalization ability. Thus, they can only recognize APT tactics and have difficulty in identifying APT techniques. They also cannot adapt to mutant behaviors of existing APT tactics / techniques.

Topics & Concepts

Computer scienceLeverage (statistics)Artificial intelligenceMachine learningMalwareGeneralizationData miningComputer securityMathematicsMathematical analysisInformation and Cyber SecurityNetwork Security and Intrusion DetectionAdvanced Malware Detection Techniques
TREC: APT Tactic / Technique Recognition via Few-Shot Provenance Subgraph Learning | Litcius