Computer Science ›› 2020, Vol. 47 ›› Issue (1): 281-286. doi: 10.11896/jsjkx.181102103

• Information Security •

APT Attack Detection Based on GAN-LSTM

刘海波,武天博,沈晶,史长亭   

  1. (College of Computer Science and Technology, Harbin Engineering University, Harbin 150000, China)
  • Received: 2018-11-15 Published: 2020-01-19
  • Corresponding author: SHEN Jing (shenjing@hrbeu.edu.cn)
  • Supported by:
    Natural Science Foundation of Heilongjiang Province (F2018011); Fundamental Research Funds for the Central Universities (HEUCFP201808, HEUCFP201838)

Advanced Persistent Threat Detection Based on Generative Adversarial Networks and Long Short-term Memory

LIU Hai-bo,WU Tian-bo,SHEN Jing,SHI Chang-ting   

  1. (College of Computer Science and Technology,Harbin Engineering University,Harbin 150000,China)
  • Received:2018-11-15 Published:2020-01-19
  • About author: LIU Hai-bo, born in 1976, Ph.D, associate professor, is a member of China Computer Federation (CCF). His research interests include intelligence computing and information security; SHEN Jing, born in 1969, Ph.D, associate professor, is a member of China Computer Federation (CCF). Her research interests include machine learning.
  • Supported by:
    This work was supported by the Natural Science Foundation of Heilongjiang Province of China (F2018011),Fundamental Research Funds for the Central Universities of Ministry of Education of China (HEUCFP201808,HEUCFP201838).

Abstract (translated): The harm caused by advanced persistent threats (APT) is becoming ever more serious. Traditional APT detection methods target a relatively narrow attack pattern and handle APT attacks spanning a relatively short time, so they do not fully capture the time-series nature of APT attacks; as a result, their accuracy is very low when attack data samples are few and the attack lasts a long time. To solve this problem, this paper proposes an APT attack detection method based on generative adversarial networks (GAN) and long short-term memory (LSTM). On the one hand, attack data are simulated and generated by a GAN, supplying a large number of attack samples to the discriminative model and thereby improving its accuracy; on the other hand, the memory cells and gate structure of the LSTM model ensure that features are remembered across sequence fragments of an APT attack sequence that are correlated but far apart in time. The model is built and trained with the open-source Keras framework, and comparative experiments on attack data generation and APT attack sequence detection are analysed separately using accuracy, false positive rate, ROC curve and other metrics. Generating simulated attack data with the generative model and using it to optimise the discriminative model raises the accuracy of the original discriminative model by 2.84%, and compared with the APT attack sequence detection method based on recurrent neural networks (RNN), the proposed method improves detection accuracy by 0.99 percentage points. The experimental results fully show that the GAN-LSTM based APT attack detection algorithm can enlarge the sample set by introducing a generative model, thereby improving the accuracy of the discriminative model and reducing its false positive rate; at the same time, compared with other temporal structures, detecting APT attack sequences with an LSTM model gives better accuracy and a lower false positive rate, which verifies the feasibility and effectiveness of the proposed method.

Keywords (translated): Game theory, Long short-term memory, Advanced persistent threat, Generative adversarial networks, Network security

Abstract: Advanced persistent threat (APT) brings more and more serious harm. Traditional APT detection methods have lower accuracy when the attack data samples are fewer and the attack duration is longer. To solve this problem, an APT attack detection method based on generative adversarial networks (GAN) and long short-term memory (LSTM) was proposed. On the one hand, this method generates attack data based on GAN simulation, generates a large number of attack samples for the discriminant model, and improves the accuracy of the model. On the other hand, the memory unit and gate structure of the LSTM model guarantee the feature memory among the sequence fragments which are correlated and have a large time interval in the APT attack sequence. The Keras open source framework was used to construct and train the model, and accuracy, FPR and ROC curve were used as metrics to compare, test and analyze the methods of attack data generation and APT attack sequence detection. By generating simulated attack data and optimizing the discriminant model, the accuracy of the original discriminant model is improved by 2.84%, and the accuracy of APT attack sequence detection is improved by 0.99% compared with the recurrent neural network (RNN) model. The experimental results fully show that the APT attack detection algorithm based on GAN-LSTM can improve the accuracy of the discriminant model and reduce the false alarm rate by introducing a generative model to increase the sample size, and that detecting APT attack sequences with an LSTM model gives better accuracy and a lower false alarm rate than other temporal structures, which shows the feasibility and validity of the proposed method.
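The abstract evaluates the detectors by accuracy, false positive rate (FPR) and ROC curve, and reports the GAN-augmented LSTM against an RNN baseline on those metrics. The following is an added example, not code or data from the paper: a framework-independent harness (the paper trained in Keras, but these metrics need only the per-sequence scores) that computes accuracy, FPR, the ROC points and the area under the curve from a detector's attack-probability scores, and compares two detectors on the same held-out sequences. `LABELS`, `SCORES_RNN` and `SCORES_LSTM` are constructed illustrative values, and the two detectors are hypothetical; the numbers are not measurements from the paper.

```python
"""Framework-independent evaluation of a sequence-level APT detector.

Added example (not the paper's code or data). Given each held-out
sequence's label and a detector's attack probability, compute the metrics
the paper reports (accuracy, FPR, ROC/AUC) and the delta between two
detectors. All values below are constructed for illustration.
"""
from typing import Dict, List, Sequence, Tuple

# Constructed held-out set: label 1 = APT attack sequence, 0 = benign.
LABELS: List[int] = [1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0]

# Hypothetical attack-probability scores from two detectors on the same
# twelve sequences (constructed values, not results from the paper).
SCORES_RNN: List[float] = [0.92, 0.81, 0.55, 0.47, 0.73, 0.35,
                           0.12, 0.41, 0.58, 0.22, 0.09, 0.30]
SCORES_LSTM: List[float] = [0.95, 0.88, 0.71, 0.62, 0.79, 0.45,
                            0.08, 0.33, 0.49, 0.18, 0.05, 0.27]


def confusion(labels: Sequence[int], scores: Sequence[float],
              threshold: float = 0.5) -> Tuple[int, int, int, int]:
    """Return (tp, fp, tn, fn); a sequence is flagged when score >= threshold."""
    tp = fp = tn = fn = 0
    for label, score in zip(labels, scores):
        flagged = score >= threshold
        if label == 1:
            if flagged:
                tp += 1
            else:
                fn += 1
        else:
            if flagged:
                fp += 1
            else:
                tn += 1
    return tp, fp, tn, fn


def accuracy(labels: Sequence[int], scores: Sequence[float],
             threshold: float = 0.5) -> float:
    tp, fp, tn, fn = confusion(labels, scores, threshold)
    return (tp + tn) / (tp + fp + tn + fn)


def false_positive_rate(labels: Sequence[int], scores: Sequence[float],
                        threshold: float = 0.5) -> float:
    """Fraction of benign sequences wrongly flagged as attacks."""
    _, fp, tn, _ = confusion(labels, scores, threshold)
    return fp / (fp + tn) if (fp + tn) else 0.0


def roc_points(labels: Sequence[int],
               scores: Sequence[float]) -> List[Tuple[float, float]]:
    """(FPR, TPR) points from sweeping the threshold from high to low.

    Sequences tied on score are released together, so the curve stays
    well-defined when a detector emits identical scores.
    """
    positives = sum(1 for y in labels if y == 1)
    negatives = len(labels) - positives
    if positives == 0 or negatives == 0:
        raise ValueError("ROC needs both attack and benign sequences")
    order = sorted(range(len(scores)), key=lambda i: scores[i], reverse=True)
    points = [(0.0, 0.0)]
    tp = fp = 0
    i = 0
    while i < len(order):
        current = scores[order[i]]
        while i < len(order) and scores[order[i]] == current:
            if labels[order[i]] == 1:
                tp += 1
            else:
                fp += 1
            i += 1
        points.append((fp / negatives, tp / positives))
    return points


def auc(points: Sequence[Tuple[float, float]]) -> float:
    """Area under the ROC curve by the trapezoidal rule."""
    area = 0.0
    for (x0, y0), (x1, y1) in zip(points, points[1:]):
        area += (x1 - x0) * (y0 + y1) / 2.0
    return area


def evaluate(labels: Sequence[int], scores: Sequence[float],
             threshold: float = 0.5) -> Dict[str, float]:
    return {
        "accuracy": accuracy(labels, scores, threshold),
        "fpr": false_positive_rate(labels, scores, threshold),
        "auc": auc(roc_points(labels, scores)),
    }


def compare(labels: Sequence[int], baseline: Sequence[float],
            candidate: Sequence[float], threshold: float = 0.5) -> Dict[str, float]:
    """Candidate minus baseline; accuracy delta in percentage points."""
    b = evaluate(labels, baseline, threshold)
    c = evaluate(labels, candidate, threshold)
    return {
        "accuracy_pp": 100.0 * (c["accuracy"] - b["accuracy"]),
        "fpr_delta": c["fpr"] - b["fpr"],
        "auc_delta": c["auc"] - b["auc"],
    }


if __name__ == "__main__":
    for name, s in (("RNN baseline", SCORES_RNN), ("GAN-LSTM", SCORES_LSTM)):
        m = evaluate(LABELS, s)
        print(f"{name:13s} acc={m['accuracy']:.3f} fpr={m['fpr']:.3f} auc={m['auc']:.3f}")
    print("delta (candidate - baseline):", compare(LABELS, SCORES_RNN, SCORES_LSTM))
```

Accuracy and FPR depend on the chosen threshold, while the ROC/AUC summarises every threshold at once; when comparing a baseline with an augmented model, reporting both guards against an accuracy gain that comes only from moving the operating point.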

Key words: Advanced persistent threat, Game theory, Generative adversarial networks, Long short-term memory, Network security

CLC number:

  • TP393