DeepTaskAPT: Insider APT detection using Task-tree based Deep Learning
Mohammad Mamun, Kevin Shi

TL;DR
DeepTaskAPT is a task-tree based deep learning approach that trains an LSTM on sequences of tasks derived from process trees, rather than on raw log entries, to detect insider APT activity; it outperforms existing methods on synthetic and real datasets.
Contribution
It proposes a new task-tree based deep learning method for insider threat detection: process trees are used to generate task sequences for the model, and the resulting baseline model can be applied across different users.
Findings
DeepTaskAPT outperforms DeepLog and the baseline models.
It achieves high accuracy with low false-positive rates.
Reported as the first use of the DARPA OpTC dataset for cyber threat detection.
Abstract
APT, known as Advanced Persistent Threat, is a difficult challenge for cyber defence. These threats make many traditional defences ineffective as the vulnerabilities exploited by these threats are insiders who have access to and are within the network. This paper proposes DeepTaskAPT, a heterogeneous task-tree based deep learning method to construct a baseline model based on sequences of tasks using a Long Short-Term Memory (LSTM) neural network that can be applied across different users to identify anomalous behaviour. Rather than applying the model to sequential log entries directly, as most current approaches do, DeepTaskAPT applies a process tree based task generation method to generate sequential log entries for the deep learning model. To assess the performance of DeepTaskAPT, we use a recently released synthetic dataset, DARPA Operationally Transparent Computing (OpTC) dataset…
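The abstract's central point is that the model consumes task sequences generated from a process tree instead of the raw, interleaved log stream. The example below is added here and is not the authors' DeepTaskAPT code: it builds a per-host process tree from constructed OpTC-style process-creation events, emits one task per root-to-leaf path (an assumed, simplified task definition; the paper's exact task construction is not reproduced here), and then applies a DeepLog-style top-k next-event check. The LSTM of the paper is replaced by a count-based successor table so the example runs without a deep-learning framework; that substitution, the event tuple layout and all function names are assumptions of this example.

```python
"""Process-tree task generation with a top-k next-event anomaly check.

Added example, not the DeepTaskAPT authors' code.  Assumptions: one task is the
ordered chain of process images on each root-to-leaf path of a host's process
tree; the paper's LSTM is replaced by a count-based successor table.
"""
from collections import Counter, defaultdict

START, END = "<s>", "</s>"

# Constructed, OpTC-style process-creation events: (timestamp, host, pid, ppid, image).
BENIGN_EVENTS = [
    (1, "h1", 100, 0, "explorer.exe"),
    (2, "h1", 101, 100, "winword.exe"),
    (3, "h1", 102, 100, "chrome.exe"),
    (4, "h1", 103, 102, "chrome.exe"),
    (5, "h1", 104, 101, "splwow64.exe"),
    (6, "h2", 200, 0, "explorer.exe"),
    (7, "h2", 201, 200, "winword.exe"),
    (8, "h2", 202, 201, "splwow64.exe"),
    (9, "h2", 203, 200, "outlook.exe"),
    (10, "h2", 204, 203, "winword.exe"),
]

# Constructed test events: a macro-style winword -> cmd -> powershell chain that
# never appears in the benign data, next to a normal chrome subtree.
TEST_EVENTS = [
    (20, "h3", 300, 0, "explorer.exe"),
    (21, "h3", 301, 300, "winword.exe"),
    (22, "h3", 302, 301, "cmd.exe"),
    (23, "h3", 303, 302, "powershell.exe"),
    (24, "h3", 304, 300, "chrome.exe"),
    (25, "h3", 305, 304, "chrome.exe"),
]


def build_trees(events):
    """Return {host: children} where children maps ppid -> [(ts, pid, image), ...]
    in creation order.  Roots are the children of ppid 0 (assumed convention)."""
    trees = {}
    for ts, host, pid, ppid, image in sorted(events):
        trees.setdefault(host, defaultdict(list))[ppid].append((ts, pid, image))
    return trees


def tasks_from_tree(children, root_ppid=0):
    """Emit one task per root-to-leaf path: the ordered list of process images."""
    tasks = []

    def walk(pid, path):
        kids = children.get(pid, [])
        if not kids:
            tasks.append(path)
            return
        for _ts, child, image in kids:
            walk(child, path + [image])

    for _ts, root, image in children.get(root_ppid, []):
        walk(root, [image])
    return tasks


def extract_tasks(events):
    """Task sequences for every host, hosts in sorted order."""
    trees = build_trees(events)
    return [task for host in sorted(trees) for task in tasks_from_tree(trees[host])]


def train_next_event(tasks):
    """Count-based stand-in for the LSTM: successor counts per preceding image."""
    table = defaultdict(Counter)
    for task in tasks:
        seq = [START] + task + [END]
        for prev, nxt in zip(seq, seq[1:]):
            table[prev][nxt] += 1
    return table


def anomalous_steps(table, task, k=2):
    """DeepLog-style check: a step fails when the actual next image is not among
    the k most frequent successors of the previous image.  An image never seen
    in training has no successors, so everything after it fails too."""
    seq = [START] + task + [END]
    failures = []
    for prev, nxt in zip(seq, seq[1:]):
        top = [img for img, _ in table.get(prev, Counter()).most_common(k)]
        if nxt not in top:
            failures.append((prev, nxt))
    return failures


def score_events(train_events, test_events, k=2):
    """Map each test task (as a tuple) to its list of failed steps."""
    table = train_next_event(extract_tasks(train_events))
    return {tuple(t): anomalous_steps(table, t, k) for t in extract_tasks(test_events)}


if __name__ == "__main__":
    for task, failures in score_events(BENIGN_EVENTS, TEST_EVENTS).items():
        print(" -> ".join(task), "ANOMALOUS" if failures else "normal", failures)
```

The thing to notice is that the explorer.exe -> chrome.exe -> chrome.exe task on the test host passes even though its events are interleaved with the suspicious chain in the raw log; grouping by process tree is what isolates the winword.exe -> cmd.exe -> powershell.exe path as its own task. Ties in the successor counts are broken by first occurrence, so k should be chosen against a held-out benign set rather than guessed.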
Taxonomy
Topics: Network Security and Intrusion Detection · Information and Cyber Security · Anomaly Detection Techniques and Applications
