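APT Attack Detection Based on GAN-LSTM
Cite this article: LIU Hai-bo, WU Tian-bo, SHEN Jing, SHI Chang-ting. APT Attack Detection Based on GAN-LSTM[J]. Computer Science, 2020, 47(1): 281-286.
Authors: LIU Hai-bo  WU Tian-bo  SHEN Jing  SHI Chang-ting
Affiliations: College of Computer Science and Technology, Harbin Engineering University, Harbin 150000; College of Computer Science and Technology, Harbin Engineering University, Harbin 150000; College of Computer Science and Technology, Harbin Engineering University, Harbin 150000; College of Computer Science and Technology, Harbin Engineering University, Harbin 150000
Funding: Natural Science Foundation of Heilongjiang Province; Fundamental Research Funds for the Central Universities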
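Abstract: The harm caused by advanced persistent threats (APT) is growing increasingly serious. Traditional APT detection methods target a relatively narrow set of attack patterns and handle APT attacks over relatively short time spans, so they do not fully reflect the time-series nature of APT attacks; as a result, accuracy is very low when attack data samples are scarce and attacks last a long time. To solve this problem, this paper proposes an APT attack detection method based on generative adversarial networks (GAN) and long short-term memory (LSTM) networks. On the one hand, GAN is used to simulate attack data, generating a large number of attack samples for the discriminative model and thereby improving the model's accuracy; on the other hand, the memory cells and gate structure of the LSTM model preserve feature memory between sequence fragments of an APT attack sequence that are correlated but far apart in time. The models are built and trained with the open-source Keras framework, and comparative experiments on attack data generation and on APT attack sequence detection are analyzed using metrics such as accuracy, false alarm rate and ROC curve. Optimizing the discriminative model with simulated attack data produced by the generative model improved the accuracy of the original discriminative model by 2.84%, and compared with the APT attack sequence detection method based on recurrent neural networks (RNN), the proposed method improved detection accuracy by 0.99 percentage points. The experimental results show that the GAN-LSTM-based APT attack detection algorithm can enlarge the sample size by introducing a generative model, thereby improving the accuracy of the discriminative model and reducing the false alarm rate; at the same time, compared with other temporal structures, detecting APT attack sequences with the LSTM model gives better accuracy and a lower false alarm rate, which verifies the feasibility and effectiveness of the proposed method.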

Keywords: Network security  Game theory  Advanced persistent threat  Generative adversarial networks  Long short-term memory networks

Advanced Persistent Threat Detection Based on Generative Adversarial Networks and Long Short-term Memory
LIU Hai-bo, WU Tian-bo, SHEN Jing, SHI Chang-ting. Advanced Persistent Threat Detection Based on Generative Adversarial Networks and Long Short-term Memory[J]. Computer Science, 2020, 47(1): 281-286.
Authors:LIU Hai-bo  WU Tian-bo  SHEN Jing  SHI Chang-ting
Affiliation: (College of Computer Science and Technology, Harbin Engineering University, Harbin 150000, China)
Abstract: Advanced persistent threats (APT) cause increasingly serious harm. Traditional APT detection methods have lower accuracy when attack data samples are few and the attack duration is long. To solve this problem, an APT attack detection method based on generative adversarial networks (GAN) and long short-term memory (LSTM) was proposed. On the one hand, this method uses GAN to simulate attack data, generating a large number of attack samples for the discriminant model and improving the accuracy of the model. On the other hand, the memory unit and gate structure of the LSTM model guarantee feature memory among sequence fragments in an APT attack sequence that are correlated and separated by large time intervals. The Keras open source framework was used to construct and train the model, and accuracy, FPR and ROC curve were used as metrics to compare, test and analyze the methods of attack data generation and APT attack sequence detection. By generating simulated attack data and optimizing the discriminant model, the accuracy of the original discriminant model is improved by 2.84%, and the accuracy of APT attack sequence detection is improved by 0.99% compared with the recurrent neural network (RNN) model. The experimental results show that the APT attack detection algorithm based on GAN-LSTM can improve the accuracy of the discriminant model and reduce the false alarm rate by introducing a generative model to increase sample size, and that detection of APT attack sequences using the LSTM model has better accuracy and a lower false alarm rate than other temporal structures, which shows the feasibility and validity of the proposed method.
Keywords:Network security  Game theory  Advanced persistent threat  Generative adversarial networks  Long short-term memory
This article is indexed in databases including VIP and Wanfang Data.