A Causal Graph-Based Approach for APT Predictive Analytics

A Causal Graph-Based Approach for APT Predictive Analytics

In recent years, complex multi-stage cyberattacks have become more common, for which audit log data are a good source of information for online monitoring. However, predicting cyber threat events based on audit logs remains an open research problem. This paper explores advanced persistent threat (AP...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Electronics (Basel) 2023-04, Vol.12 (8), p.1849
Hauptverfasser: Liu, Haitian, Jiang, Rong
Format: Artikel
Sprache:eng
Schlagworte:
Analysis
Audits
Computer crimes
Cybersecurity
Data security
Deep learning
Graphs
Machine learning
Natural language
Performance prediction
Predictive analytics
Semantics
Threats
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In recent years, complex multi-stage cyberattacks have become more common, for which audit log data are a good source of information for online monitoring. However, predicting cyber threat events based on audit logs remains an open research problem. This paper explores advanced persistent threat (APT) audit log information and uses a combination of causal graphs and deep learning techniques to perform predictive analysis of APT. The study focuses on two different methods of constructing malicious activity scenarios, including those based on malicious entity evolving graphs and malicious entity neighborhood graphs. Deep learning networks are then utilized to learn from past malicious activity scenarios and predict specific malicious attack events. To validate the effectiveness of this approach, audit log data published by DARPA’s Transparent Computing Program and restored by ATLAS are used to demonstrate the confidence of the prediction results and recommend the most effective malicious event prediction by Top-N.
ISSN:2079-9292
2079-9292
DOI:10.3390/electronics12081849