LogShield: A New Framework That Detects The APT Attack Patterns
There have been several cases of GPT model-based detection for various attacks from system logs.
However, there has been no dedicated framework for detecting APTs as they use a low and slow approach to compromise the systems.
Security researchers have recently unveiled a cutting-edge framework known as LogShield. This innovative tool leverages the self-attention capabilities of transformers to identify attack patterns associated with Advanced Persistent Threats (APTs).
By analyzing network logs, LogShield can detect subtle indicators of APTs that may have otherwise gone unnoticed, providing a powerful defense against these sophisticated attacks.
According to the researchers, the framework's reported detection performance figures are 95% and 98%.
The main reason for using language models to detect malicious events is that they are designed to process long sequences of words or log entries, which is exactly what is needed when processing the record of events that make up a cyber attack.
Additionally, the self-attention mechanism of GPT models can assign different weights to different events based on their relevance to APT activity, and those weights are adjusted according to each event's importance.
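To make the weighting step concrete, the following is an added example (not LogShield's code, and the embedding values are hand-constructed for illustration) of scaled dot-product attention applied to a short, constructed sequence of log event types. A query event attends to every earlier event, and the weight it assigns depends only on how related the two events are, not on how far apart they sit in the log; that is the property that lets the mechanism link events in a low-and-slow campaign that a position-bound model would lose.

```python
import math

# Constructed toy embedding table (event type -> 4-dim vector).
# Hand-picked illustration values, NOT learned weights from LogShield.
EVENT_EMBEDDINGS = {
    "user_login":   [0.2, 0.0, 0.0, 1.0],
    "file_write":   [0.1, 1.0, 0.1, 0.0],
    "process_exec": [1.0, 0.2, 0.0, 0.1],
    "dns_query":    [0.0, 0.0, 0.9, 0.3],
    "net_connect":  [0.0, 0.1, 1.0, 0.2],
}

# Constructed sequence of log events (oldest first).
SAMPLE_EVENTS = ["user_login", "file_write", "process_exec", "dns_query", "net_connect"]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def softmax(scores):
    # Subtract the max for numerical stability; the resulting weights sum to 1.
    m = max(scores)
    exps = [math.exp(s - m) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]


def attention_weights(query_event, events, embeddings=EVENT_EMBEDDINGS):
    """Scaled dot-product attention weights of one query event over a sequence.

    weight_i = softmax(q . k_i / sqrt(d)), where q is the query embedding and
    k_i the embedding of the i-th event. Position in the sequence plays no
    role: a related event far back gets the same weight as an adjacent one.
    """
    q = embeddings[query_event]
    d = len(q)
    scores = [dot(q, embeddings[e]) / math.sqrt(d) for e in events]
    return softmax(scores)


def context_vector(query_event, events, embeddings=EVENT_EMBEDDINGS):
    """Weighted sum of the event embeddings: the representation a downstream
    classifier would see for the query event."""
    w = attention_weights(query_event, events, embeddings)
    d = len(embeddings[query_event])
    return [sum(w[i] * embeddings[e][j] for i, e in enumerate(events)) for j in range(d)]


def most_attended(query_event, events, embeddings=EVENT_EMBEDDINGS):
    """Index of the event the query attends to most strongly."""
    w = attention_weights(query_event, events, embeddings)
    return max(range(len(w)), key=w.__getitem__)


if __name__ == "__main__":
    weights = attention_weights("net_connect", SAMPLE_EVENTS)
    for ev, wt in zip(SAMPLE_EVENTS, weights):
        print(f"{ev:13s} {wt:.3f}")
```

With the query `net_connect`, the `dns_query` event receives far more weight than the unrelated `user_login` at the start of the sequence, even though `user_login` is just as far away; in a trained model the embeddings and the query/key projections are learned, but the weighting arithmetic is the same.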
Machine learning techniques have been used to detect attack patterns instead of rule-based or signature-based attack detection methods, which have relatively low performance when detecting Zero-Day APTs.
Moreover, several deep learning-based methods have been explored to detect APT attacks.
Limitations Of LogShield
Though LogShield has superior performance, the framework has one limitation: that performance comes at the cost of increased memory consumption and longer computation time. As part of the research, both LogShield and LSTM models were used.
Nevertheless, across many experiments, the framework achieved a 98% F1-score in APT detection.
A report about LogShield has been published, providing detailed information about the training models, including their statistical data and other details.