Saved in:
Bibliographic Details
Main Authors: Yan, Wenhao, An, Ning, Qiao, Wei, Wu, Weiheng, Jiang, Bo, Lu, Zhigang, Liu, Baoxu, Liu, Junrong
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2502.06521
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866915705273712640
author Yan, Wenhao
An, Ning
Qiao, Wei
Wu, Weiheng
Jiang, Bo
Lu, Zhigang
Liu, Baoxu
Liu, Junrong
author_facet Yan, Wenhao
An, Ning
Qiao, Wei
Wu, Weiheng
Jiang, Bo
Lu, Zhigang
Liu, Baoxu
Liu, Junrong
contents Advanced Persistent Threats (APTs) are difficult to detect due to their complexity and stealthiness. To mitigate such attacks, many approaches model entities and their relationship using provenance graphs to detect the stealthy and persistent characteristics of APTs. However, existing detection methods suffer from the flaws of missing indirect dependencies, noisy complex scenarios, and missing behavioral logical associations, which make it difficult to detect complex scenarios and effectively identify stealthy threats. In this paper, we propose Sentient, an APT detection method that combines pre-training and intent analysis. It employs a graph transformer to learn structural and semantic information from provenance graphs to avoid missing indirect dependencies. We mitigate scenario noise by combining global and local information. Additionally, we design an Intent Analysis Module (IAM) to associate logical relationships between behaviors. Sentient is trained solely on easily obtainable benign data to detect malicious behaviors that deviate from benign behavioral patterns. We evaluated Sentient on three widely-used datasets covering real-world attacks and simulated attacks. Notably, compared to six state-of-the-art methods, Sentient achieved an average reduction of 44% in false positive rate(FPR) for detection.
format Preprint
id arxiv_https___arxiv_org_abs_2502_06521
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Sentient: Detecting APTs Via Capturing Indirect Dependencies and Behavioral Logic
Yan, Wenhao
An, Ning
Qiao, Wei
Wu, Weiheng
Jiang, Bo
Lu, Zhigang
Liu, Baoxu
Liu, Junrong
Cryptography and Security
Advanced Persistent Threats (APTs) are difficult to detect due to their complexity and stealthiness. To mitigate such attacks, many approaches model entities and their relationship using provenance graphs to detect the stealthy and persistent characteristics of APTs. However, existing detection methods suffer from the flaws of missing indirect dependencies, noisy complex scenarios, and missing behavioral logical associations, which make it difficult to detect complex scenarios and effectively identify stealthy threats. In this paper, we propose Sentient, an APT detection method that combines pre-training and intent analysis. It employs a graph transformer to learn structural and semantic information from provenance graphs to avoid missing indirect dependencies. We mitigate scenario noise by combining global and local information. Additionally, we design an Intent Analysis Module (IAM) to associate logical relationships between behaviors. Sentient is trained solely on easily obtainable benign data to detect malicious behaviors that deviate from benign behavioral patterns. We evaluated Sentient on three widely-used datasets covering real-world attacks and simulated attacks. Notably, compared to six state-of-the-art methods, Sentient achieved an average reduction of 44% in false positive rate(FPR) for detection.
title Sentient: Detecting APTs Via Capturing Indirect Dependencies and Behavioral Logic
topic Cryptography and Security
url https://arxiv.org/abs/2502.06521