MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning
DOI: 10.48550/arxiv.2310.09831
Publication Date: 2023-01-01
AUTHORS (6)
ABSTRACT
Advanced Persistent Threats (APTs), adopted by most delicate attackers, are becoming increasingly common and pose a great threat to various enterprises and institutions. Data provenance analysis on provenance graphs has emerged as a common approach in APT detection. However, previous works have exhibited several shortcomings: (1) requiring attack-containing data and a priori knowledge of APTs, (2) failing to extract the rich contextual information buried within provenance graphs, and (3) becoming impracticable due to their prohibitive computation overhead and memory consumption. In this paper, we introduce MAGIC, a novel and flexible self-supervised APT detection approach capable of performing multi-granularity detection under different levels of supervision. MAGIC leverages masked graph representation learning to model benign system entities and behaviors, performing efficient deep feature extraction and structure abstraction on provenance graphs. By ferreting out anomalous system behaviors via outlier detection methods, MAGIC is able to perform both system entity level and batched log level APT detection. MAGIC is specially designed to handle concept drift with a model adaption mechanism and successfully applies to universal conditions and detection scenarios. We evaluate MAGIC on three widely-used datasets, including both real-world and simulated attacks. Evaluation results indicate that MAGIC achieves promising detection results in all scenarios and shows enormous advantage over state-of-the-art APT detection approaches in performance overhead.