A Multi-stage APT Attack Detection Method Based on Sample Enhancement

In order to solve the problems that the current Advanced Persistent Threat (APT) attack detection methods lack the detection of potential APT attack threats, and are difficult to obtain high detection accuracy in the case of smaller APT attack samples, a Sample Enhanced Multi-Stage APT Attack Detection Network (SE-ADN) is proposed. Sequence Generative Adversarial Network (seq-GAN) is used to simulate the generative attack encoder sequences, which are constructed by malicious traffic. The samples of multi-stage APT attack sequences are enhanced to increase the number of samples and improve the diversity of sample traffic features. A multi-stage APT attack detection network is proposed, which uses the attack features of each stage to enhance the detection awareness ability and improve the detection accuracy of the potential APT attack. The experimental results show that SE-ADN performs well on two benchmark datasets, and is better than the comparison methods in detecting multiple types of potential APT attacks.