Advance Persistent Threats (APTs), adopted by most delicate attackers, are becoming increasing common and pose great threat to various enterprises institutions. Data provenance analysis on graphs has emerged as a approach in APT detection. However, previous works have exhibited several shortcomings: (1) requiring attack-containing data priori knowledge of APTs, (2) failing extracting the rich contextual information buried within (3) impracticable due their prohibitive computation overhead memory consumption. In this paper, we introduce MAGIC, novel flexible self-supervised detection capable performing multi-granularity under different level supervision. MAGIC leverages masked graph representation learning model benign system entities behaviors, efficient deep feature extraction structure abstraction graphs. By ferreting out anomalous behaviors via outlier methods, is able perform both entity batched log specially designed handle concept drift with adaption mechanism successfully applies universal conditions scenarios. We evaluate three widely-used datasets, including real-world simulated attacks. Evaluation results indicate that achieves promising all scenarios shows enormous advantage over state-of-the-art approaches performance overhead.

Load

Load