基于圖神經(jīng)網(wǎng)絡驅(qū)動的APT攻擊瀕源與檢測機制研究

打開文本圖片集

中圖分類號：TP309.5；TP391.4 文獻標識碼：A 文章編號：2096-4706（2025）12-0171-05

Research on APT Attack Provenance and Detection Mechanism Driven Based on Graph Neural Network

ZHANGLiang，LI Cheng，CHENXiaobo，LI Baoke，LIUKexin （KunlunDigital TechnologyCo.，Ltd.，Beijing 102206，China）

Abstract：Aiming at thechalenges ofhigh false alarmrate and poor scalabilityinlarge-scalenetwork attack provenance， an Advanced Persistent Threat （APT）intrusion detection system basedon provenance graphand Graph Neural Network is constructed.Firstly，atypicalatack provenancegraph isconstructed throughthesystem log.Secondly，thesemanticencoder is used tocapture thebasicsemanticatributesandthe temporal sequenceofevents inthe provenance graph.Thirdlyaontext encoder basedon Graph Neural Network isused to effctively encode local and global graph structures intonodeembedding. Finaly，thenodeembeddings generatedduringthetraningpasearequicklylasifedbyheclasifer.Tealgorithmachieves eficient processingoflarge-scale provenancegraphsthrough GraphNeuralNetwork，andtakes intoaccounttheeffciencyof data procesing，which can be used forreal-time detectionofAdvanced Persistent Threat.Compared with existing intrusion detectionsystems，thealgorithmachieves higherdetectionacuracyonpublictestdatasets，ndshowsbeteralarmeffciencyand scalability.

Keywords： provenance graph; Graph Neural Network; APT attck detection

0 引言

隨著網(wǎng)絡安全態(tài)勢的不斷演變，入侵檢測系統(tǒng)已成為網(wǎng)絡安全策略的重要組成部分，尤其是在應對高級持續(xù)威脅（AdvancedPersistentThreat，APT）方面。（剩余7636字）