TREC: APT Tactic / Technique Recognition via Few-Shot Provenance Subgraph Learning

arXiv:2402.15147v1 Announce Type: new
Abstract: APT (Advanced Persistent Threat) with the characteristics of persistence, stealth, and diversity is one of the greatest threats against cyber-infrastructure. As a countermeasure, existing studies leverage provenance graphs to capture the complex relations between system entities in a host for effective APT detection. In addition to detecting single attack events as most existing work does, understanding the tactics / techniques (e.g., Kill-Chain, ATT&CK) applied to organize and accomplish the APT attack campaign is more important …

advanced advanced persistent threat apt arxiv capture cs.cr cs.lg cyber detection diversity entities graphs host infrastructure persistence persistent persistent threat provenance recognition stealth studies system tactic threat threats