
Application Of Graph Machine Learning In Network Security Big Data Analysis

Posted on: 2024-08-14 | Degree: Master | Type: Thesis
Country: China | Candidate: M D Li | Full Text: PDF
GTID: 2558307067996369 | Subject: Applied Statistics
Abstract/Summary:
In recent years, the Advanced Persistent Threat (APT), a new type of computer network attack, has appeared frequently in government communications, enterprise production and equipment operation, and has caused a series of serious problems such as information disclosure, property loss and equipment damage. APTs are also highly concealed, persist over long periods and are clearly targeted, and these characteristics increase the difficulty of detection to a certain extent. Detecting APTs precisely and responding in a timely manner has gradually become a hot issue in computer science, data science, national security and other fields. In APT detection, the provenance graph built from computer system logs is a common analysis method because of its strong semantic representation and log reconstruction capabilities. At the same time, since the graph neural networks that have emerged in recent years have strong graph representation, learning and prediction abilities, this research attempts to detect and discover APTs using an RGCN model and a boosting ensemble method. In addition, the research summarizes and compares the application effects of this model and other commonly used classical models in multiple scenarios. After modeling, detection and effect evaluation, it is found that the detection effect of the model proposed in this research is significantly improved in most scenarios. The improvement lies mainly in an increase in the detection recall rate and a decrease in the false positive rate. These results mean that the detection model based on RGCN and ensemble learning can be applied very effectively in actual scenarios. While improving detection accuracy, it also reduces the workload of manual review. It can serve as a new idea and method for APT detection.
Keywords/Search Tags: Advanced Persistent Threat, Graph Neural Network, Ensemble Learning, Anomaly Detection