Computer Science, 2020, Vol. 47, Issue (1): 281-286. doi: 10.11896/jsjkx.181102103

• Information Security •

Advanced Persistent Threat Detection Based on Generative Adversarial Networks and Long Short-term Memory

LIU Hai-bo, WU Tian-bo, SHEN Jing, SHI Chang-ting

  1. (College of Computer Science and Technology, Harbin Engineering University, Harbin 150000, China)
  • Received: 2018-11-15 Published: 2020-01-19
  • About author: LIU Hai-bo, born in 1976, Ph.D., associate professor, is a member of China Computer Federation (CCF). His research interests include intelligence computing and information security; SHEN Jing, born in 1969, Ph.D., associate professor, is a member of China Computer Federation (CCF). Her research interests include machine learning.
  • Supported by:
    This work was supported by the Natural Science Foundation of Heilongjiang Province of China (F2018011), Fundamental Research Funds for the Central Universities of Ministry of Education of China (HEUCFP201808, HEUCFP201838).

Abstract: Advanced persistent threats (APT) cause increasingly serious harm. Traditional APT detection methods have lower accuracy when attack data samples are scarce and the attack duration is long. To solve this problem, an APT attack detection method based on generative adversarial networks (GAN) and long short-term memory (LSTM) was proposed. On the one hand, the method uses a GAN to simulate attack data, generating a large number of attack samples for the discriminant model and improving its accuracy. On the other hand, the memory unit and gate structure of the LSTM model preserve feature memory across sequence fragments in an APT attack sequence that are correlated but separated by large time intervals. The Keras open source framework was used to construct and train the model, and accuracy, FPR and the ROC curve were used as metrics to compare, test and analyze the methods of attack data generation and APT attack sequence detection. By generating simulated attack data and optimizing the discriminant model, the accuracy of the original discriminant model is improved by 2.84%, and the accuracy of APT attack sequence detection is improved by 0.99% compared with the recurrent neural network (RNN) model. The experimental results fully show that the APT attack detection algorithm based on GAN-LSTM can improve the accuracy of the discriminant model and reduce the false alarm rate by introducing a generative model to increase the sample size, and that detecting APT attack sequences with the LSTM model gives better accuracy and a lower false alarm rate than other temporal structures, which shows the feasibility and validity of the proposed method.

Key words: Advanced persistent threat, Game theory, Generative adversarial networks, Long short-term memory, Network security

CLC Number: TP393