An Anomaly Detection Method Based on Meta-Path and Heterogeneous Graph Attention Network

Zheheng Peng, Chun Shan*, Changzhen Hu

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Advanced Persistent Threats (APT) in the current network environment are becoming increasingly complex and diverse. Most existing APT anomaly detection is based on attack knowledge bases and preset rules, which are difficult to design and cannot make good use of the rich semantic information in the original log data. This results in poor detection of unknown attacks. This paper proposes an anomaly detection method based on meta-paths and a heterogeneous provenance graph. We design a heterogeneous graph structure to represent the provenance graph, and define the meta-paths of the PROCESS nodes. Then we use a Heterogeneous Graph Attention Network (HAN) to learn the embedding representation of the nodes based on meta-paths. The resulting node embeddings are used as node features, and then we apply the SVDD algorithm to identify anomalous nodes. A series of experiments were conducted on the Unicorn SC-2 dataset to validate the proposed method. The final results demonstrate that our method outperforms two current anomaly detection systems.

Original language: English
Title of host publication: 2024 5th International Conference on Computer Engineering and Application, ICCEA 2024
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 137-140
Number of pages: 4
ISBN (Electronic): 9798350386776
Publication status: Published - 2024
Event: 5th International Conference on Computer Engineering and Application, ICCEA 2024 - Hybrid, Hangzhou, China
Duration: 12 Apr 2024 → 14 Apr 2024

Publication series

Name: 2024 5th International Conference on Computer Engineering and Application, ICCEA 2024

Conference

Conference: 5th International Conference on Computer Engineering and Application, ICCEA 2024
Country/Territory: China
City: Hybrid, Hangzhou
Period: 12/04/24 → 14/04/24
