
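A Privacy-Preserving Attack Provenance Method Based on Graph Convolutional Neural Networks
Cite this article: Li Teng, Qiao Wei, Zhang Jiawei, Gao Yiyang, Wang Shenao, Shen Yulong, Ma Jianfeng. A Privacy-Preserving Attack Provenance Method Based on Graph Convolutional Neural Networks[J]. Journal of Computer Research and Development, 2021, 58(5): 1006-1020.
Authors: Li Teng  Qiao Wei  Zhang Jiawei  Gao Yiyang  Wang Shenao  Shen Yulong  Ma Jianfeng
Affiliations: School of Cyber Engineering, Xidian University, Xi'an 710071; School of Computer Science and Technology, Xidian University, Xi'an 710071; School of Artificial Intelligence, Xidian University, Xi'an 710071
Funding: National Natural Science Foundation of China, Young Scientists Fund (61902291); China Postdoctoral Science Foundation (2019M653567); Natural Science Foundation of Shaanxi Province (2019JM-425); Fundamental Research Funds for the Central Universities (JB191507).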
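Abstract (translated from the Chinese): APT (advanced persistent threat) attacks have long dwell times and a strong sense of purpose, and they undermine an enterprise's security defenses from the inside by means such as Trojan variants, ransomware, and building botnets. However, existing attack provenance methods each target only a single kind of log or traffic data, which makes it impossible to trace the complete course of a multi-stage attack. Moreover, because the relationships among log entries are complex, the log relationship graph suffers from severe state explosion, making it difficult to classify and identify attacks accurately. At the same time, data privacy protection is rarely considered when log and traffic data are used for attack provenance. To address these problems, a privacy-preserving attack provenance method based on graph convolutional neural networks is proposed. The method uses supervised learning to resolve the state explosion caused by connecting relationships across multiple logs, optimizes the Louvain community detection algorithm to improve detection speed and accuracy, uses a graph convolutional neural network to classify attacks effectively, and combines attribute-based encryption to protect the privacy of log data. Detection speed and efficiency are tested by reproducing 4 kinds of APT attacks. Experimental results show that the method can reduce detection time by up to 90% and that attack provenance accuracy can reach 92%.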

Keywords: attack provenance  graph convolutional neural network  privacy preservation  data access control  attribute-based encryption

Privacy-Preserving Network Attack Provenance Based on Graph Convolutional Neural Network
Li Teng, Qiao Wei, Zhang Jiawei, Gao Yiyang, Wang Shenao, Shen Yulong, Ma Jianfeng. Privacy-Preserving Network Attack Provenance Based on Graph Convolutional Neural Network[J]. Journal of Computer Research and Development, 2021, 58(5): 1006-1020.
Authors:Li Teng  Qiao Wei  Zhang Jiawei  Gao Yiyang  Wang Shenao  Shen Yulong  Ma Jianfeng
Affiliation: (School of Cyber Engineering, Xidian University, Xi'an 710071; School of Computer Science and Technology, Xidian University, Xi'an 710071; School of Artificial Intelligence, Xidian University, Xi'an 710071)
Abstract: APT (advanced persistent threat) attacks have a long incubation time and a strong sense of purpose. They can destroy an enterprise's security fortress from the inside, employing variant Trojans, ransomware, and botnets. However, existing attack source tracing methods each target only a single kind of log or traffic data, making it impossible to trace the complete process of a multi-stage attack. Because log relationships are complicated, serious state explosion problems occur in the log relationship graph, making it difficult to classify and identify attacks accurately. At the same time, data privacy protection is rarely considered when log and traffic data are used for attack tracing. To solve these problems, we propose an attack tracing method based on a Graph Convolutional Network (GCN) with user data privacy protection. Supervised learning resolves the state explosion caused by connecting relationships across multiple logs, and the Louvain community discovery algorithm is optimized to improve detection speed and accuracy. Moreover, a graph neural network is used to classify attacks effectively, and a privacy protection scheme that leverages the properties of CP-ABE (Ciphertext-Policy Attribute-Based Encryption) realizes secure sharing of log data in the public cloud. In this paper, four APT attacks are reproduced to test detection speed and efficiency. Experimental results show that the detection time of this method can be reduced by up to 90%, and the accuracy can reach 92%.
Keywords:attack provenance  graph convolutional neural network  privacy preserving  data access control  attribute-based encryption
This article is indexed in VIP (维普), Wanfang Data (万方数据), and other databases.