Toward Identifying APT Malware through API System Calls

Wei, Chaoxian; Li, Qiang; Guo, Dong; Meng, Xiangyu

doi:10.1155/2021/8077220

Cited by 11 publications

(11 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In terms of machine learning and deep learning applications, Ishai R et al [10] traced APT organizations using deep neural networks (DNN). Wei C et al [11] extracted API system calls as features and employed a dynamic LSTM algorithm with attention mechanism to classify these APT malware organizations. Chen Y et al [12] extracted PE static features and applied deep forests and convolutional neural networks to identify APT malware organizations.…”

Section: Related Workmentioning

confidence: 99%

Research on deep-learning-based techniques for advanced persistent threat malware detection and attribution

Wang,

2024

Fourth International Conference on Sensors and Information Technology (ICSI 2024)

View full text Add to dashboard Cite

Advanced Persistent Threat attacks(APT) are targeted attacks launched by professional hacker organizations using advanced techniques, resulting in significant harm. Therefore, there is an urgent need to detect APT malware and trace their associated organizations. This paper proposes an improved Transformer-based method for APT malware detection and attribution. In terms of detection, dynamic behaviors of APT malware are extracted, and an information filtering gate mechanism is applied to reduce redundant feature noise in the original Transformer model. A contrastive learningconstrained model is used for information filtering, self-training, and optimization. In terms of attribution, static features of APT malware samples are extracted, global features of sequence data are established using the Transformer model, local features are constructed using Incremental Dilated Convolutional Neural Network, and features are fused using attention mechanism. This method outperforms the baseline methods.

show abstract

Section: Related Workmentioning

confidence: 99%

Research on deep-learning-based techniques for advanced persistent threat malware detection and attribution

Wang,

2024

Fourth International Conference on Sensors and Information Technology (ICSI 2024)

View full text Add to dashboard Cite

show abstract

“…In [12], researchers developed a traceability system, from the perspective of the calling relationship between hosts and processes, to detect anomalies by monitoring the calling relationship. Some provenance tracking systems are proposed to monitor and analyse the activities of the system [13][14][15][16]. However, the long time interval and low-profile characteristics of complex behaviours of APT kind of unknown attacks make them still face the low detecting success rate problem.…”

Section: Related Workmentioning

confidence: 99%

Detecting Unknown Threat Based on Continuous-Time Dynamic Heterogeneous Graph Network

Gao

Yang

Zhang

et al. 2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Unknown threats have caused severe damage in critical infrastructures. To solve this issue, the graph-based methods have been proposed because of their ability for learning complex interaction patterns of network entities with discrete graph snapshots. However, such methods are challenged by the computer networking model characterized by the natural continuous-time dynamic heterogeneous graph (CDHG). In this paper, we propose a CDHG-based graph neural network model, namely, CDHGN, for unknown threat detection. It first constructs the CDHG using interaction relationships among network entities extracted from various log records. Then, it trains the detection model based on a heterogeneous attention network and performs streaming detection for live online network events. We implement a prototype and conduct extensive experiments on a comprehensive cybersecurity dataset with more than nine million records. Experimental result shows that the proposed method can achieve superior detection performance than the state-of-the-art methods.

show abstract

“…These kinds of attacks are the most damaging and worrying type of attack because they are difficult to detect and are continuously attempted [4][5][6][7][8]. These attacks come through the vulnerable system in the network, and even if the system containing important assets is primarily protected from the attacker, the system cannot be protected if it is accessible through the vulnerable system inside the network [4][5][6][7][8][9][10][11][12].…”

Section: Introductionmentioning

confidence: 99%

“…Recently, in particular, as the Internet of Things (IoT) has been widely used, more and more vulnerable systems have proliferated inside the network [9][10][11][12][13]. As the risk of cyberattacks increases, companies and institutions are introducing various security systems to protect information assets, and are making efforts to maintain a safe network.…”

Section: Introductionmentioning

confidence: 99%

“…As the risk of cyberattacks increases, companies and institutions are introducing various security systems to protect information assets, and are making efforts to maintain a safe network. However, responding to the latest attack types that are continuously evolving and developing still remain a difficult problem [2,3,[8][9][10][11][12]. In particular, the exponentially increasing vulnerabilities of the latest systems are becoming obstacles in keeping the system safe from cyberattacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Attack Graph Generation with Machine Learning for Network Security

et al. 2022

View full text Add to dashboard Cite

Recently, with the discovery of various security threats, diversification of hacking attacks, and changes in the network environment such as the Internet of Things, security threats on the network are increasing. Attack graph is being actively studied to cope with the recent increase in cyber threats. However, the conventional attack graph generation method is costly and time-consuming. In this paper, we propose a cheap and simple method for generating the attack graph. The proposed approach consists of learning and generating stages. First, it learns how to generate an attack path from the attack graph, which is created based on the vulnerability database, using machine learning and deep learning. Second, it generates the attack graph using network topology and system information with a machine learning model that is trained with the attack graph generated from the vulnerability database. We construct the dataset for attack graph generation with topological and system information. The attack graph generation problem is recast as a multi-output learning and binary classification problem. It shows attack path detection accuracy of 89.52% in the multi-output learning approach and 80.68% in the binary classification approach using the in-house dataset, respectively.

show abstract

Toward Identifying APT Malware through API System Calls

Cited by 11 publications

References 31 publications

Research on deep-learning-based techniques for advanced persistent threat malware detection and attribution

Research on deep-learning-based techniques for advanced persistent threat malware detection and attribution

Detecting Unknown Threat Based on Continuous-Time Dynamic Heterogeneous Graph Network

Attack Graph Generation with Machine Learning for Network Security

Contact Info

Product

Resources

About