Optimization of APT attack detection based on a model combining ATTENTION and deep learning

Abstract

Nowadays, early detecting and warning Advanced Persistent Threat (APT) attacks is a major challenge for intrusion monitoring and prevention systems. Current studies and proposals for APT attack detection often focus on combining machine-learning techniques and APT malware behavior analysis techniques based on network traffic. To improve the efficiency of APT attack detection, this paper proposes a new approach based on a combination of deep learning networks and ATTENTION networks. The proposed process for APT attack detection in this study is as follows: Firstly, all data of network traffic is pre-processed, and analyzed by the CNN-LSTM deep learning network, which is a combination of Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM). Then, instead of being used directly for classification, this data is analyzed and evaluated by the ATTENTION network. Finally, the output data of the ATTENTION network is classified to identify APT attacks. The optimization proposal for detecting APT attacks in this study is a novel proposal. It hasn’t been proposed and applied by any research. Some scenarios for comparing and evaluating the method proposed in this study with other approaches (implemented in section 4.4) show the superior effectiveness of our proposed approach. The results prove that the proposed method not only has scientific significance but also has practical significance because the model combining deep learning with ATTENTION network has helped improve the efficiency of analyzing and detecting APT malware based on network traffic.