Abstract

Detecting the malicious code used in advanced persistent threat (APT) attacks, together with its variants, is currently the main way of countering such attacks. APT groups typically apply code morphing, packing, obfuscation and similar techniques so that their malicious code evades signature-based detection. To address this, this paper proposes an APT attack detection scheme based on the DenseNet convolutional neural network. First, the binary samples of APT malicious code are preprocessed (including decompression and decompilation) and executed in a sandbox equipped with anti-evasion technology; the data acquired are converted into grayscale images. Next, feature extraction and family clustering are performed on the preprocessed images. Finally, a DenseNet model is trained and tested on malicious code samples from eight APT families. Experimental results show that the proposed scheme reaches an average accuracy of 98.84% in detecting APT malicious code and its variants, so it can help cut off the APT attack chain while maintaining high detection accuracy.
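The abstract does not show how a binary becomes a grayscale image or how packed samples are recognised before they reach the classifier. The following is an added example written for this page, not code from the paper: it maps each byte of a sample to one 8-bit pixel, chooses the row width from the file size (the width table is the one published by Nataraj et al., 2011, assumed here since the paper does not state its own), zero-pads the last row, and uses byte entropy as a heuristic to route packed or encrypted samples to the unpacking and sandbox path. The sample inputs are constructed stand-ins, not real malware; the function names are this example's own.

```python
"""Byte-to-grayscale preprocessing for image-based malware classification.

Added example, not from the paper: converts a binary sample into a 2-D raster
(one byte per pixel, 0x00 black .. 0xFF white) and flags high-entropy samples
that are probably packed. The width table follows Nataraj et al. (2011) and is
an assumption about the preprocessing, not the paper's stated method.
"""
import hashlib
import math
from collections import Counter
from typing import List, Optional

# (upper size bound in bytes, image width in pixels) -- assumed width table
_WIDTH_TABLE = [
    (10 * 1024, 32),
    (30 * 1024, 64),
    (60 * 1024, 128),
    (100 * 1024, 256),
    (200 * 1024, 384),
    (500 * 1024, 512),
    (1000 * 1024, 768),
]


def image_width(n_bytes: int) -> int:
    """Pick a row width from the file size so samples of similar size produce comparable images."""
    for bound, width in _WIDTH_TABLE:
        if n_bytes < bound:
            return width
    return 1024


def bytes_to_grayscale(data: bytes, width: Optional[int] = None) -> List[List[int]]:
    """Reshape raw bytes into rows of `width` pixels; the final row is zero-padded."""
    if not data:
        raise ValueError("empty sample")
    width = width or image_width(len(data))
    rows = [list(data[i:i + width]) for i in range(0, len(data), width)]
    rows[-1].extend([0] * (width - len(rows[-1])))
    return rows


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8.0 indicate packed or encrypted content."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def likely_packed(data: bytes, threshold: float = 7.2) -> bool:
    """Heuristic gate: a high-entropy sample yields a noise-like image, so it should be
    unpacked (statically or by running it in the sandbox) before classification."""
    return byte_entropy(data) >= threshold


def to_pgm(rows: List[List[int]]) -> bytes:
    """Serialise the raster as a binary PGM (P5) file that any image library can load."""
    height, width = len(rows), len(rows[0])
    header = f"P5\n{width} {height}\n255\n".encode()
    return header + bytes(px for row in rows for px in row)


def pseudo_random_bytes(n: int, seed: bytes = b"demo") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for a packed section."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


if __name__ == "__main__":
    # Constructed inputs, not real malware: a text-like region and a packed-like region.
    plain = b"MZ\x90\x00" + b"This program cannot be run in DOS mode.\r\n" * 8
    packed = pseudo_random_bytes(512)
    for name, blob in (("plain", plain), ("packed", packed)):
        img = bytes_to_grayscale(blob)
        print(f"{name}: {len(img)}x{len(img[0])} px, "
              f"entropy={byte_entropy(blob):.2f} bits/byte, packed={likely_packed(blob)}")
    print(f"PGM size for plain sample: {len(to_pgm(bytes_to_grayscale(plain)))} bytes")
```

The entropy gate matters for the approach the paper describes: a packed or encrypted sample converted directly to an image carries almost no family-specific texture, which is exactly why the abstract routes samples through unpacking and a sandbox before imaging them.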
