APT Detection

Advanced Persistent Threat (APT) detection focuses on identifying sophisticated, long-term cyberattacks that evade traditional security measures. Current research heavily utilizes machine learning, employing deep learning architectures like convolutional neural networks, autoencoders, and transformers, often applied to provenance graphs representing system activity to improve detection accuracy and reduce false positives. These methods aim to enhance the speed and effectiveness of threat identification, providing security teams with actionable insights and facilitating faster response times to minimize damage. The field is actively exploring techniques to improve model interpretability and adaptability to evolving attack strategies, ultimately contributing to more robust and resilient cybersecurity systems.

Papers

August 30, 2024

Hybridizing Base-Line 2D-CNN Model with Cat Swarm Optimization for Enhanced Advanced Persistent Threat Detection
Ali M. Bakhiet, Salah A. Aly
Convolutional Neural Network Full Model Advanced Persistent Threat Swarm Optimization APT Detection

June 27, 2024

Hack Me If You Can: Aggregating AutoEncoders for Countering Persistent Access Threats Within Highly Imbalanced Data
Sidahmed Benabderrahmane, Ngoc Hoang, Petko Valtchev, James Cheney, Talal Rahwan
Supervised Autoencoder Imbalanced Data Diverse Platform Advanced Persistent Threat APT Detection

June 8, 2024

RAPID: Robust APT Detection and Investigation Using Context-Aware Deep Learning
Yonatan Amaru, Prasanna Wudali, Yuval Elovici, Asaf Shabtai
Anomaly Detection Comprehensive Investigation Advanced Persistent Threat APT Detection

February 23, 2024

TREC: APT Tactic / Technique Recognition via Few-Shot Provenance Subgraph Learning
Mingqi Lv, HongZhe Gao, Xuebo Qiu, Tieming Chen, Tiantian Zhu, Jinyin Chen, Shouling Ji
Fine Grained Data Provenance TREC Total Recall Advanced Persistent Threat APT Tactic APT Detection Technique Recognition

November 9, 2023

LogShield: A Transformer-based APT Detection System Leveraging Self-Attention
Sihat Afnan, Mushtari Sadia, Shahrear Iqbal, Anindya Iqbal
Self Attention Data Provenance Transformer Based Architecture Advanced Persistent Threat APT Detection

October 15, 2023

MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning
Zian Jia, Yun Xiong, Yuhong Nan, Yao Zhang, Jinjing Zhao, Mi Wen
Data Provenance LangId Magic Spell Advanced Persistent Threat Masked Graph APT Detection

June 13, 2023

Few-shot Multi-domain Knowledge Rearming for Context-aware Defence against Advanced Persistent Threats
Gaolei Li, Yuanyuan Zhao, Wenqi Wei, Yuchen Liu
Threat Intelligence Cross Domain Few Shot Learning Advanced Persistent Threat Enhancement Attack APT Detection

December 21, 2021

ANUBIS: A Provenance Graph-Based Framework for Advanced Persistent Threat Detection
Md. Monowar Anjum, Shahrear Iqbal, Benoit Hamelin
New Framework Data Provenance Explainable Prediction APT Detection

APT Detection

Papers

Hybridizing Base-Line 2D-CNN Model with Cat Swarm Optimization for Enhanced Advanced Persistent Threat Detection

Hack Me If You Can: Aggregating AutoEncoders for Countering Persistent Access Threats Within Highly Imbalanced Data

RAPID: Robust APT Detection and Investigation Using Context-Aware Deep Learning

TREC: APT Tactic / Technique Recognition via Few-Shot Provenance Subgraph Learning

LogShield: A Transformer-based APT Detection System Leveraging Self-Attention

MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning

Few-shot Multi-domain Knowledge Rearming for Context-aware Defence against Advanced Persistent Threats

ANUBIS: A Provenance Graph-Based Framework for Advanced Persistent Threat Detection