Privacy-Preserving Network Attack Provenance Based on Graph Convolutional Neural Network

Li Teng; Qiao Wei; Zhang Jiawei; Gao Yiyang; Wang Shenao; Shen Yulong; Ma Jianfeng

doi:10.7544/issn1000-1239.2021.20200942

Journal of Computer Research and Development > 2021 > 58(5): 1006-1020. > DOI: 10.7544/issn1000-1239.2021.20200942 CSTR: 32373.14.issn1000-1239.2021.20200942

Li Teng, Qiao Wei, Zhang Jiawei, Gao Yiyang, Wang Shenao, Shen Yulong, Ma Jianfeng. Privacy-Preserving Network Attack Provenance Based on Graph Convolutional Neural Network[J]. Journal of Computer Research and Development, 2021, 58(5): 1006-1020. DOI: 10.7544/issn1000-1239.2021.20200942

Citation:

PDF (4205 KB)

Privacy-Preserving Network Attack Provenance Based on Graph Convolutional Neural Network

¹(School of Cyber Engineering, Xidian University, Xi’an 710071)
²(School of Computer Science and Technology, Xidian University, Xi’an 710071)
³(School of Artificial Intelligence, Xidian University, Xi’an 710071)

Funds: This work was supported by the National Natural Science Foundation of China (61902291), the China Postdoctoral Science Foundation (2019M653567), the Natural Science Foundation of Shaanxi Province of China (2019JM-425), and the Fundamental Research Funds for the Central Universities (JB191507).

More Information

Published Date: April 30, 2021

Graphical Abstract

Abstract

Abstract

APT(advanced persistent threat) attacks have a long incubation time and a vital purpose. It can destroy the inside’s enterprise security fortress, employing variant Trojans, ransomware, and botnet. However, the existing attack source tracing methods only target a single log or traffic data, making it impossible to trace the complete process of multi-stage attacks. Because of the complicated log relationship, serious state explosion problems will occur in the log relationship graph, making it difficult to classify and identify attacks accurately. Simultaneously, data privacy protection is rarely considered in using log and traffic data for attack tracing approaches. We propose an attack tracing method based on a Graph Convolutional Network (GCN) with user data privacy protection to solve these problems. Supervised learning solves the state explosion caused by multiple log relationship connections, optimizing the Louvain community discovery algorithm to improve detection speed and accuracy. Moreover, using map neural networks to attack classification effectively and combining privacy protection scheme leveraging CP-ABE (Ciphertext-Policy Attribute Based Encryption) properties realize log data secure sharing in public cloud. In this paper, the detection speed and efficiency of four APT attack testing methods are reproduced. Experimental results show that the detection time of this method can be reduced by 90% at most, and the accuracy can reach 92%.
- attack provenance,
- graph convolutional neural network,
- privacy preserving,
- data access control,
- attribute-based encryption

FullText(HTML)

References (0)

[1]	Xie Guo, Zhang Huaiwen, Wang Le, Liao Qing, Zhang Aoqian, Zhou Zhili, Ge Huilin, Wang Zhiheng, Wu Guozheng. Acceptance and Funding Status of Artificial Intelligence Discipline Projects Under the National Natural Science Foundation of China in 2024[J]. Journal of Computer Research and Development, 2025, 62(3): 648-661. DOI: 10.7544/issn1000-1239.202550008
[2]	Li Xu, Zhu Rui, Chen Xiaolei, Wu Jinxuan, Zheng Yi, Lai Chenghang, Liang Yuxuan, Li Bin, Xue Xiangyang. A Survey of Hallucinations in Large Vision-Language Models: Causes, Evaluations and Mitigations[J]. Journal of Computer Research and Development. DOI: 10.7544/issn1000-1239.202440444
[3]	Chen Xuanting, Ye Junjie, Zu Can, Xu Nuo, Gui Tao, Zhang Qi. Robustness of GPT Large Language Models on Natural Language Processing Tasks[J]. Journal of Computer Research and Development, 2024, 61(5): 1128-1142. DOI: 10.7544/issn1000-1239.202330801
[4]	Zhang Mi, Pan Xudong, Yang Min. JADE-DB：A Universal Testing Benchmark for Large Language Model Safety Based on Targeted Mutation[J]. Journal of Computer Research and Development, 2024, 61(5): 1113-1127. DOI: 10.7544/issn1000-1239.202330959
[5]	Shu Wentao, Li Ruixiao, Sun Tianxiang, Huang Xuanjing, Qiu Xipeng. Large Language Models: Principles, Implementation, and Progress[J]. Journal of Computer Research and Development, 2024, 61(2): 351-361. DOI: 10.7544/issn1000-1239.202330303
[6]	Yang Yi, Li Ying, Chen Kai. Vulnerability Detection Methods Based on Natural Language Processing[J]. Journal of Computer Research and Development, 2022, 59(12): 2649-2666. DOI: 10.7544/issn1000-1239.20210627
[7]	Pan Xudong, Zhang Mi, Yang Min. Fishing Leakage of Deep Learning Training Data via Neuron Activation Pattern Manipulation[J]. Journal of Computer Research and Development, 2022, 59(10): 2323-2337. DOI: 10.7544/issn1000-1239.20220498
[8]	Pan Xuan, Xu Sihan, Cai Xiangrui, Wen Yanlong, Yuan Xiaojie. Survey on Deep Learning Based Natural Language Interface to Database[J]. Journal of Computer Research and Development, 2021, 58(9): 1925-1950. DOI: 10.7544/issn1000-1239.2021.20200209
[9]	Zheng Haibin, Chen Jinyin, Zhang Yan, Zhang Xuhong, Ge Chunpeng, Liu Zhe, Ouyang Yike, Ji Shouling. Survey of Adversarial Attack, Defense and Robustness Analysis for Natural Language Processing[J]. Journal of Computer Research and Development, 2021, 58(8): 1727-1750. DOI: 10.7544/issn1000-1239.2021.20210304
[10]	Wang Ye, Chen Junwu, Xia Xin, Jiang Bo. Intelligent Requirements Elicitation and Modeling: A Literature Review[J]. Journal of Computer Research and Development, 2021, 58(4): 683-705. DOI: 10.7544/issn1000-1239.2021.20200740