A Causal Graph-Based Approach for APT Predictive Analytics
In recent years, complex multi-stage cyberattacks have become more common, for which audit log data are a good source of information for online monitoring. However, predicting cyber threat events based on audit logs remains an open research problem. This paper explores advanced persistent threat (AP...
Saved in:
Published in: | Electronics (Basel) 2023-04, Vol.12 (8), p.1849 |
---|---|
Main authors: | Liu, Haitian; Jiang, Rong |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | |
---|---|
container_issue | 8 |
container_start_page | 1849 |
container_title | Electronics (Basel) |
container_volume | 12 |
creator | Liu, Haitian; Jiang, Rong |
description | In recent years, complex multi-stage cyberattacks have become more common, for which audit log data are a good source of information for online monitoring. However, predicting cyber threat events based on audit logs remains an open research problem. This paper explores advanced persistent threat (APT) audit log information and uses a combination of causal graphs and deep learning techniques to perform predictive analysis of APT. The study focuses on two different methods of constructing malicious activity scenarios, including those based on malicious entity evolving graphs and malicious entity neighborhood graphs. Deep learning networks are then utilized to learn from past malicious activity scenarios and predict specific malicious attack events. To validate the effectiveness of this approach, audit log data published by DARPA’s Transparent Computing Program and restored by ATLAS are used to demonstrate the confidence of the prediction results and recommend the most effective malicious event prediction by Top-N. |
doi_str_mv | 10.3390/electronics12081849 |
format | Article |
fullrecord | Authors: Liu, Haitian (ORCID https://orcid.org/0009-0001-5425-7851); Jiang, Rong (ORCID https://orcid.org/0000-0003-4160-8349). Published in Electronics (Basel), 2023-04-01, Vol. 12, Issue 8, p. 1849. Publisher: MDPI AG, Basel. ISSN 2079-9292; EISSN 2079-9292; DOI 10.3390/electronics12081849. Peer reviewed; free to read (open access). Record IDs: ProQuest 2806536986; Gale A747443737. Sources: Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals; MDPI - Multidisciplinary Digital Publishing Institute. Rights: COPYRIGHT 2023 MDPI AG; 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. |
fulltext | fulltext |
identifier | ISSN: 2079-9292 |
ispartof | Electronics (Basel), 2023-04, Vol.12 (8), p.1849 |
issn | ISSN 2079-9292; EISSN 2079-9292 |
language | eng |
recordid | cdi_proquest_journals_2806536986 |
source | Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals; MDPI - Multidisciplinary Digital Publishing Institute |
subjects | Analysis; Audits; Computer crimes; Cybersecurity; Data security; Deep learning; Graphs; Machine learning; Natural language; Performance prediction; Predictive analytics; Semantics; Threats |
title | A Causal Graph-Based Approach for APT Predictive Analytics |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-18T06%3A38%3A08IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-gale_proqu&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Causal%20Graph-Based%20Approach%20for%20APT%20Predictive%20Analytics&rft.jtitle=Electronics%20(Basel)&rft.au=Liu,%20Haitian&rft.date=2023-04-01&rft.volume=12&rft.issue=8&rft.spage=1849&rft.pages=1849-&rft.issn=2079-9292&rft.eissn=2079-9292&rft_id=info:doi/10.3390/electronics12081849&rft_dat=%3Cgale_proqu%3EA747443737%3C/gale_proqu%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2806536986&rft_id=info:pmid/&rft_galeid=A747443737&rfr_iscdi=true |