A Causal Graph-Based Approach for APT Predictive Analytics
In recent years, complex multi-stage cyberattacks have become more common, for which audit log data are a good source of information for online monitoring. However, predicting cyber threat events based on audit logs remains an open research problem. This paper explores advanced persistent threat (APT) audit log information and uses a combination of causal graphs and deep learning techniques to perform predictive analysis of APT. The study focuses on two different methods of constructing malicious activity scenarios, including those based on malicious entity evolving graphs and malicious entity neighborhood graphs. Deep learning networks are then utilized to learn from past malicious activity scenarios and predict specific malicious attack events. To validate the effectiveness of this approach, audit log data published by DARPA's Transparent Computing Program and restored by ATLAS are used to demonstrate the confidence of the prediction results and recommend the most effective malicious event prediction by Top-N.
Main Authors: | Haitian Liu, Rong Jiang |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2023-04-01 |
Series: | Electronics |
Subjects: | APT; causal graph; evolving graph; neighborhood graph; deep learning; prediction |
Online Access: | https://www.mdpi.com/2079-9292/12/8/1849 |
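The abstract describes building causal graphs from audit logs and then deriving two kinds of malicious-activity scenario: a neighborhood graph around a malicious entity and an evolving graph that grows as events arrive. The code below is an added illustration of those two constructions and is not the paper's code or the ATLAS tooling. The audit records, hostnames, paths and addresses are constructed; the simplified `<ts> <subject> <op> <object>` record format, the information-flow direction assigned to each operation, and the forward-propagation rule used to grow the evolving scenario are assumptions made for this example, not the method of the paper.

```python
"""Causal (provenance) graph from audit events, plus the two scenario
constructions named in the abstract: a k-hop neighborhood around a
malicious entity and a time-ordered evolving scenario grown from a seed.

Added example: record format, event data and propagation rule are
constructed assumptions, not the paper's or the DARPA TC / ATLAS data.
"""
from collections import defaultdict, deque

# Constructed audit records: "<ts> <subject> <op> <object>".
# Entity prefixes: p: process, f: file, s: remote socket.
AUDIT_LOG = """\
1 p:firefox recv s:198.51.100.7:443
2 p:firefox write f:/tmp/update.exe
3 p:explorer read f:/etc/hosts
4 p:update.exe exec f:/tmp/update.exe
5 p:update.exe read f:/home/u/.ssh/id_rsa
6 p:update.exe send s:203.0.113.9:8443
7 p:cron read f:/etc/crontab
8 p:update.exe write f:/etc/crontab
9 p:cron read f:/etc/crontab
"""

# Assumed flow direction: for these ops the object flows INTO the subject;
# for every other op (write, send, ...) the subject flows into the object.
FLOW_TO_SUBJECT = {"read", "recv", "exec"}


def parse_events(text):
    """Parse the constructed records into time-sorted (ts, subj, op, obj) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, subj, op, obj = line.split()
            events.append((int(ts), subj, op, obj))
    return sorted(events)


def flow_edge(ev):
    """Orient an event as a causal edge (src, dst, op, ts) along information flow."""
    ts, subj, op, obj = ev
    return (obj, subj, op, ts) if op in FLOW_TO_SUBJECT else (subj, obj, op, ts)


def build_graph(events):
    """Causal graph as adjacency lists: node -> [(dst, op, ts), ...]."""
    graph = defaultdict(list)
    for ev in events:
        src, dst, op, ts = flow_edge(ev)
        graph[src].append((dst, op, ts))
        if dst not in graph:          # sinks must exist as nodes too
            graph[dst] = []
    return graph


def neighborhood(graph, seed, hops):
    """Malicious-entity neighborhood graph: every entity within `hops`
    edges of `seed`, ignoring edge direction (BFS on the undirected graph)."""
    undirected = defaultdict(set)
    for src, edges in graph.items():
        for dst, _, _ in edges:
            undirected[src].add(dst)
            undirected[dst].add(src)
    seen, frontier = {seed}, deque([(seed, 0)])
    while frontier:
        node, depth = frontier.popleft()
        if depth == hops:
            continue
        for nxt in undirected[node]:
            if nxt not in seen:
                seen.add(nxt)
                frontier.append((nxt, depth + 1))
    return seen


def evolving_scenario(events, seed):
    """Malicious-entity evolving graph: replay events in time order and
    keep those acted out by an already-tainted subject or fed by a tainted
    flow source; the flow destination then becomes tainted. Returns the
    ordered scenario and the final tainted set. Because time matters,
    an event that touches an entity BEFORE it was tainted is excluded."""
    tainted, scenario = {seed}, []
    for ev in events:
        _, subj, _, _ = ev
        src, dst, _, _ = flow_edge(ev)
        if subj in tainted or src in tainted:
            tainted.add(dst)
            scenario.append(ev)
    return scenario, tainted


def training_pairs(scenario):
    """(history, next step) pairs from a scenario: the supervision a sequence
    model would learn from to predict the next malicious event. Steps are
    abstracted to (op, object type) so identical tactics share a token."""
    tokens = [(ev[2], ev[3][0]) for ev in scenario]
    return [(tuple(tokens[:i]), tokens[i]) for i in range(1, len(tokens))]


if __name__ == "__main__":
    evs = parse_events(AUDIT_LOG)
    g = build_graph(evs)
    print("2-hop neighborhood:", sorted(neighborhood(g, "f:/tmp/update.exe", 2)))
    steps, bad = evolving_scenario(evs, "s:198.51.100.7:443")
    print("scenario timestamps:", [e[0] for e in steps])
    print("tainted entities:", sorted(bad))
```

Seeding the evolving scenario at the known-bad remote address and replaying in time order reproduces the download, execution, key read, exfiltration and crontab write, and picks up `p:cron` only through its read at ts 9, after the crontab was modified; the earlier read at ts 7 is correctly left out, while `p:explorer` and `/etc/hosts` never enter either scenario.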
_version_ | 1797605640642756608 |
---|---|
author | Haitian Liu Rong Jiang |
author_facet | Haitian Liu Rong Jiang |
author_sort | Haitian Liu |
collection | DOAJ |
description | In recent years, complex multi-stage cyberattacks have become more common, for which audit log data are a good source of information for online monitoring. However, predicting cyber threat events based on audit logs remains an open research problem. This paper explores advanced persistent threat (APT) audit log information and uses a combination of causal graphs and deep learning techniques to perform predictive analysis of APT. The study focuses on two different methods of constructing malicious activity scenarios, including those based on malicious entity evolving graphs and malicious entity neighborhood graphs. Deep learning networks are then utilized to learn from past malicious activity scenarios and predict specific malicious attack events. To validate the effectiveness of this approach, audit log data published by DARPA’s Transparent Computing Program and restored by ATLAS are used to demonstrate the confidence of the prediction results and recommend the most effective malicious event prediction by Top-N. |
first_indexed | 2024-03-11T05:03:57Z |
format | Article |
id | doaj.art-5044cfb57d264c26871c9a0451212359 |
institution | Directory Open Access Journal |
issn | 2079-9292 |
language | English |
last_indexed | 2024-03-11T05:03:57Z |
publishDate | 2023-04-01 |
publisher | MDPI AG |
record_format | Article |
series | Electronics |
spelling | doaj.art-5044cfb57d264c26871c9a0451212359; record updated 2023-11-17T19:01:45Z; English; MDPI AG; Electronics, ISSN 2079-9292; published 2023-04-01; vol. 12, issue 8, article 1849; DOI 10.3390/electronics12081849; A Causal Graph-Based Approach for APT Predictive Analytics; Haitian Liu (College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Rong Jiang (College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); https://www.mdpi.com/2079-9292/12/8/1849; keywords: APT, causal graph, evolving graph, neighborhood graph, deep learning, prediction |
title | A Causal Graph-Based Approach for APT Predictive Analytics |
topic | APT causal graph evolving graph neighborhood graph deep learning prediction |
url | https://www.mdpi.com/2079-9292/12/8/1849 |