A Combinational Model-Based APT Attack Detection Approach
DOI: https://doi.org/10.54654/isj.v1i24.1078
Keywords: APT Attack, BiLSTM model, BiLAG model, GCN, Deep learning model
Abstract
In a world increasingly reliant on digital technology, Advanced Persistent Threats (APTs) pose a significant challenge to global cybersecurity. To address this issue, this paper introduces a novel approach called BiLSTM-Attention-GCN (BiLAG), a model combining Bidirectional Long Short-Term Memory (BiLSTM) networks, an Attention mechanism, and Graph Convolutional Networks (GCN). The goal of BiLAG is to provide an effective and accurate method for detecting APTs. BiLSTM is employed to capture temporal features of event sequences, enabling the detection of anomalies over time. The Attention mechanism focuses on the most critical parts of the input, allowing the model to identify hidden signals that indicate potential attacks. Lastly, GCN is used to model the relationships among network entities, enhancing APT detection by constructing a detailed and precise relational graph. Experimental results show that BiLAG achieves an accuracy of 99%, with high recall and significantly reduced false positive rates.
License
Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Proposed Policy for Journals That Offer Delayed Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).