Research On Advanced Persistent Threat Detection Based On Generative Adversarial Networks And Long Short-term Memory

Posted on: 2020-03-23
Degree: Master
Type: Thesis
Country: China
Candidate: T B Wu
GTID: 2428330575961954
Subject: Computer Science and Technology

Abstract/Summary:
Advanced Persistent Threats (APTs) cause increasingly serious harm. Traditional APT detection methods have lower accuracy when attack data samples are few and the attack duration is long. To solve this problem, an APT attack detection method based on Generative Adversarial Networks (GAN) and Long Short-Term Memory (LSTM) is proposed. On the one hand, a GAN is used to simulate attack data, generating a large number of attack samples for the discriminant model. On the other hand, the memory unit, gate structure and attention mechanism of the LSTM-based model preserve feature memory across the fragments of an APT attack sequence, which are correlated but separated by large time intervals. The Keras open source framework was used to construct and train the model, and comparison experiments were carried out for attack data generation and APT attack sequence detection. The experiments were compared on accuracy, false positive rate and ROC curve. In the attack data generation experiments, the generative model is used to generate simulated attack data and optimize the discriminant model, which improves the accuracy of the original discriminant model. In the attack sequence detection experiment, the LSTM network is used to detect longer APT sequences, and high accuracy is maintained. The experimental results show that the GAN-LSTM-based APT attack detection algorithm can improve the accuracy of the discriminant model and reduce the false alarm rate by introducing a generative model to increase the sample size, and that detecting APT attack sequences with the LSTM model achieves better accuracy and a lower false alarm rate than other temporal models, which shows the feasibility and validity of the method.
Keywords/Search Tags: Network security, Game theory, Advanced Persistent Threat, Generative Adversarial Networks, Long Short-Term Memory