ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2021, Vol. 58 ›› Issue (5): 1006-1020. doi: 10.7544/issn1000-1239.2021.20200942

Special Issue: 2021 Special Topic on Artificial Intelligence Security and Privacy Protection Technology


Privacy-Preserving Network Attack Provenance Based on Graph Convolutional Neural Network

Li Teng1, Qiao Wei2, Zhang Jiawei1, Gao Yiyang3, Wang Shenao1, Shen Yulong2, Ma Jianfeng1   

  1. School of Cyber Engineering, Xidian University, Xi’an 710071
  2. School of Computer Science and Technology, Xidian University, Xi’an 710071
  3. School of Artificial Intelligence, Xidian University, Xi’an 710071
  • Online: 2021-05-01
  • Supported by: 
    This work was supported by the National Natural Science Foundation of China (61902291), the China Postdoctoral Science Foundation (2019M653567), the Natural Science Foundation of Shaanxi Province of China (2019JM-425), and the Fundamental Research Funds for the Central Universities (JB191507).

Abstract: APT (advanced persistent threat) attacks have a long incubation time and a strong purpose. They can breach an enterprise's security defenses from the inside, employing variant Trojans, ransomware, and botnets. However, existing attack source tracing methods target only a single kind of log or traffic data, making it impossible to trace the complete process of a multi-stage attack. Because the relationships among logs are complicated, serious state explosion occurs in the log relationship graph, making it difficult to classify and identify attacks accurately. At the same time, attack tracing approaches that use log and traffic data rarely consider data privacy protection. To solve these problems, we propose an attack tracing method based on a Graph Convolutional Network (GCN) with user data privacy protection. Supervised learning is used to solve the state explosion caused by multiple log relationship connections, and the Louvain community discovery algorithm is optimized to improve detection speed and accuracy. Moreover, graph neural networks are used to classify attacks effectively, and a privacy protection scheme leveraging the properties of CP-ABE (Ciphertext-Policy Attribute-Based Encryption) realizes secure sharing of log data in the public cloud. In this paper, the detection speed and efficiency of four APT attack testing methods are reproduced. Experimental results show that the detection time of this method can be reduced by up to 90%, and the accuracy can reach 92%.

Key words: attack provenance, graph convolutional neural network, privacy preserving, data access control, attribute-based encryption
