
Research On Generation And Detection Of APT Attack Sequence Based On GAN

Posted on: 2021-03-27
Degree: Master
Type: Thesis
Country: China
Candidate: J Y Dong
Full Text: PDF
GTID: 2518306047982199
Subject: Software engineering
Abstract/Summary:
Advanced Persistent Threat (APT) has become one of the most serious network security problems because of its high risk and strong concealment. This thesis surveys domestic and international research on APT detection technology and finds that the limited effectiveness of existing detection methods generally has two causes. First, traditional detection methods still rely on intrusion detection to detect APT attacks and make no distinction between APT attacks and other attacks. At the same time, traditional methods perform only weak correlation analysis over the entire APT attack process and cannot effectively analyze APT attacks that span a long period, which results in a large number of false positives and false negatives. Second, although some methods use emerging technologies such as machine learning and deep learning, their detection performance is still ordinary because there is almost no complete APT attack dataset that can be used for model training.

To solve these problems, this thesis proposes a method for generating and detecting APT attack sequences based on Generative Adversarial Networks (GAN). The main tasks are as follows. First, GAN is selected as the basis of the APT detection model architecture, and Long Short-Term Memory (LSTM) networks are used as the generator and the discriminator of the GAN. LSTM is a network model designed for processing time-series data, and it handles serialized data such as APT attacks well. Second, two good models can be obtained through the adversarial training of the GAN, in which the two networks compete against each other. The generation model can be used to extend the existing APT attack dataset and solve the problem of insufficient data. The detection model can be used to detect APT attack data, which effectively solves the problem that traditional methods have poor processing capability for time-series data.

The initial data for the experiments in this thesis is a dataset obtained from the KDD dataset after dimensioning, classification, serialization and other operations. The dataset conforms to the life cycle of APT attacks and contains many types and a large number of samples, which is conducive to model training and optimization. The experimental results show that, compared with other methods, the method in this thesis improves the ability to detect serialized data, reaches an accuracy of 70.45%, and has good generalization ability. In addition, the generation model can generate APT attack data from random noise, which facilitates the expansion of APT attack data and effectively addresses the current lack of APT attack datasets.
Keywords/Search Tags:advanced persistent threat, network security, Generative Adversarial Networks, Long Short-Term Memory