基于图神经网络驱动的APT攻击濒源与检测机制研究

打开文本图片集

中图分类号：TP309.5；TP391.4 文献标识码：A 文章编号：2096-4706（2025）12-0171-05

Research on APT Attack Provenance and Detection Mechanism Driven Based on Graph Neural Network

ZHANGLiang，LI Cheng，CHENXiaobo，LI Baoke，LIUKexin （KunlunDigital TechnologyCo.，Ltd.，Beijing 102206，China）

Abstract：Aiming at thechalenges ofhigh false alarmrate and poor scalabilityinlarge-scalenetwork attack provenance， an Advanced Persistent Threat （APT）intrusion detection system basedon provenance graphand Graph Neural Network is constructed.Firstly，atypicalatack provenancegraph isconstructed throughthesystem log.Secondly，thesemanticencoder is used tocapture thebasicsemanticatributesandthe temporal sequenceofevents inthe provenance graph.Thirdlyaontext encoder basedon Graph Neural Network isused to effctively encode local and global graph structures intonodeembedding. Finaly，thenodeembeddings generatedduringthetraningpasearequicklylasifedbyheclasifer.Tealgorithmachieves eficient processingoflarge-scale provenancegraphsthrough GraphNeuralNetwork，andtakes intoaccounttheeffciencyof data procesing，which can be used forreal-time detectionofAdvanced Persistent Threat.Compared with existing intrusion detectionsystems，thealgorithmachieves higherdetectionacuracyonpublictestdatasets，ndshowsbeteralarmeffciencyand scalability.

Keywords： provenance graph; Graph Neural Network; APT attck detection

0 引言

随着网络安全态势的不断演变，入侵检测系统已成为网络安全策略的重要组成部分，尤其是在应对高级持续威胁（AdvancedPersistentThreat，APT）方面。（剩余7636字）