@inproceedings{3c6676e67b53419492e0d0fc15abc40e,
title = "An Anomaly Detection Method Based on Meta-Path and Heterogeneous Graph Attention Network",
abstract = "Advanced Persistent Threats (APT) in the current network environment are becoming increasingly complex and diverse. Most existing APT anomaly detection is based on attack knowledge bases and preset rules, which are difficult to design and cannot make good use of the rich semantic information in the original log data. This results in poor detection of unknown attacks. This paper proposes an anomaly detection method based on meta-path and heterogeneous provenance graph. We design a heterogeneous graph structure to represent provenance graph, and define the meta-paths of the PROCESS nodes. Then we use Heterogeneous Graph Attention Network (HAN) to learn the embedding representation of the nodes based on meta-paths. The resulting graph's node embedding is used as node features, and then we apply SVDD algorithm to identify anomalous nodes. A series of experiments were conducted on the Unicorn SC-2 dataset to validate the proposed method. The final results demonstrate that our method outperforms two current anomaly detection systems.",
keywords = "Anomaly Detection, Heterogeneous Graph Attention Network, meta-path, Provenance Graph, SVDD",
author = "Zheheng Peng and Chun Shan and Changzhen Hu",
note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 5th International Conference on Computer Engineering and Application, ICCEA 2024 ; Conference date: 12-04-2024 Through 14-04-2024",
year = "2024",
doi = "10.1109/ICCEA62105.2024.10604208",
language = "English",
series = "2024 5th International Conference on Computer Engineering and Application, ICCEA 2024",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "137--140",
booktitle = "2024 5th International Conference on Computer Engineering and Application, ICCEA 2024",
address = "United States",
}