Article

DeepAG: Attack Graph Construction and Threats Prediction With Bi-Directional Deep Learning

Publisher

IEEE COMPUTER SOC
DOI: 10.1109/TDSC.2022.3143551

Keywords

Semantics; Predictive models; Web servers; Deep learning; Hidden Markov models; Trojan horses; Transformers; Attack prediction; deep learning; transformer; LSTM; attack graph

Summary: DeepAG is a framework that uses system logs to detect threats and predict attack paths. It applies transformer models to detect APT attack sequences and an LSTM network for bi-directional attack path prediction. It also constructs attack graphs and provides mechanisms for adapting to new attack patterns.

Abstract: Complicated multi-step attacks, such as Advanced Persistent Threats (APTs), pose considerable threats to cybersecurity because they are inherently varied and complex. Studying adversary strategies and predicting their next steps therefore remain significant challenges for attack prevention. To address these problems, we propose DeepAG, a framework that uses system logs to detect threats and predict attack paths. DeepAG introduces a novel use of transformer models to detect APT attack sequences by modeling the semantic information of system logs. In addition, DeepAG uses a Long Short-Term Memory (LSTM) network for bi-directional prediction of attack paths, which achieves higher performance than a traditional BiLSTM. With the detected attack sequences and predicted paths, DeepAG constructs the attack graphs that attackers may follow to compromise the network. Furthermore, DeepAG offers an Out-Of-Vocabulary (OOV) word processor and an online update mechanism to adapt to new attack patterns that appear during the detection and prediction stages, respectively. Experiments on open-source datasets show that more than 99% of over 15000 sequences are detected accurately by DeepAG. Moreover, DeepAG improves prediction accuracy over the baseline by 11.166%.
