Visible to the public Evolving Advanced Persistent Threat Detection using Provenance Graph and Metric Learning

TitleEvolving Advanced Persistent Threat Detection using Provenance Graph and Metric Learning
Publication TypeConference Paper
Year of Publication2020
AuthorsAyoade, G., Akbar, K. A., Sahoo, P., Gao, Y., Agarwal, A., Jee, K., Khan, L., Singhal, A.
Conference Name2020 IEEE Conference on Communications and Network Security (CNS)
Date PublishedJuly 2020
ISBN Number978-1-7281-4760-4
Keywordsadvanced persistent threat, advanced persistent threat detection, APT, APT attacks, attack campaigns, benign tools, Conferences, deep learning method, defense, detection accuracy, feature extraction, graph theory, high profile information, Human Behavior, learning (artificial intelligence), machine learning, Measurement, Metrics, online adaptive metric learning, provenance graph, pubcrawl, resilience, Resiliency, Scalability, security, security of data, Tools, TPR, Trojan horses, true positive rate, Zero day attacks, Zero-day attacks

Advanced persistent threats (APT) have increased in recent times as a result of the rise in interest by nation-states and sophisticated corporations to obtain high profile information. Typically, APT attacks are more challenging to detect since they leverage zero-day attacks and common benign tools. Furthermore, these attack campaigns are often prolonged to evade detection. We leverage an approach that uses a provenance graph to obtain execution traces of host nodes in order to detect anomalous behavior. By using the provenance graph, we extract features that are then used to train an online adaptive metric learning. Online metric learning is a deep learning method that learns a function to minimize the separation between similar classes and maximizes the separation between dis-similar instances. We compare our approach with baseline models and we show our method outperforms the baseline models by increasing detection accuracy on average by 11.3 % and increases True positive rate (TPR) on average by 18.3 %.

Citation Keyayoade_evolving_2020