TREC: APT Tactic / Technique Recognition via Few-Shot Provenance Subgraph Learning

arXiv:2402.15147v1 Announce Type: cross
Abstract: APT (Advanced Persistent Threat) with the characteristics of persistence, stealth, and diversity is one of the greatest threats against cyber-infrastructure. As a countermeasure, existing studies leverage provenance graphs to capture the complex relations between system entities in a host for effective APT detection. In addition to detecting single attack events as most existing work does, understanding the tactics / techniques (e.g., Kill-Chain, ATT&CK) applied to organize and accomplish the APT attack campaign is more important …

abstract advanced arxiv cs.cr cs.lg cyber detection diversity few-shot graphs infrastructure persistence provenance recognition relations stealth studies threat threats type via