LogShield: A New Framework That Detects The APT Attack Patterns


GPT-style language models have already been applied in several cases to detect various attacks from system logs.

However, there has been no dedicated framework for detecting APTs, which use a low-and-slow approach to compromise systems: their actions are spread thinly over long periods, so each individual event looks benign on its own.

Security researchers have recently unveiled a framework called LogShield. It uses the self-attention mechanism of transformers to identify attack patterns associated with Advanced Persistent Threats (APTs).

By analyzing sequences of system-log events, LogShield can detect subtle indicators of APT activity that would otherwise go unnoticed, providing a strong defense against these sophisticated attacks.

According to the researchers, the framework achieves F1-scores of 95% and 98% in its evaluations.

LogShield

The main reason for using language models to detect malicious events is that they are designed to process long sequences of tokens. A log is such a sequence, with each recorded event as a token, so the same machinery applies to the records of events produced during a cyber attack.


Additionally, the self-attention mechanism of GPT-style transformer models assigns each event a weight based on its relevance to the other events in the sequence, so events that matter for APT detection can be emphasized according to their importance.
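The weighting that self-attention applies to log events, as an added example in Python that is not LogShield's own code: it parses a few constructed audit-log lines into events, embeds each event with hand-chosen (not learned) vectors, uses identity query/key/value projections, omits positional encodings, and computes the scaled dot-product attention matrix, so that each event's row shows how much weight it places on every other event in the window. The log format, the regular expression and the embedding table are all assumptions made for this illustration.

```python
"""Scaled dot-product self-attention over a window of audit-log events.

Added example, not LogShield's code. The log lines are constructed, the
event embeddings are hand-chosen rather than learned, the query/key/value
projections are the identity, and positional encodings are omitted.
"""
import math
import re

# Constructed audit-style log: "<epoch> <process> <ACTION> <object>" (not real data).
# The last line is deliberately malformed to show that noise is skipped.
SAMPLE_LOG = """\
1700000001 sshd LOGIN user:alice
1700000002 bash EXEC /usr/bin/curl
1700000003 curl CONNECT 203.0.113.5:443
1700000004 bash READ /etc/shadow
1700000005 bash EXEC /usr/bin/tar
1700000006 tar WRITE /tmp/.cache.tgz
1700000007 curl CONNECT 203.0.113.5:443
1700000008 bad line
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+([A-Z]+)\s+(\S+)$")

# Hand-chosen 4-d embeddings (assumption, not learned): related actions share
# directions, e.g. READ/WRITE and WRITE/CONNECT overlap, so their dot products
# are large and they attend to each other more strongly.
EMBED = {
    "LOGIN":   [3.0, 0.0, 0.0, 0.0],
    "EXEC":    [0.0, 3.0, 0.0, 0.0],
    "READ":    [0.0, 0.0, 3.0, 1.5],
    "WRITE":   [0.0, 0.0, 1.5, 3.0],
    "CONNECT": [0.0, 1.5, 0.0, 3.0],
}


def tokenize(log_text):
    """Parse log lines into (timestamp, process, action, object) events.

    Lines that do not match the expected layout, or use an unknown action,
    are skipped rather than aborting the window: real audit logs contain noise.
    """
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, proc, action, obj = m.groups()
        if action in EMBED:
            events.append((int(ts), proc, action, obj))
    return events


def softmax(xs):
    m = max(xs)  # subtract the max for numerical stability
    exps = [math.exp(x - m) for x in xs]
    total = sum(exps)
    return [e / total for e in exps]


def attention_weights(events):
    """Return the n x n matrix A with A[i][j] = softmax_j(q_i . k_j / sqrt(d)).

    Row i is how event i distributes its attention over every event in the
    window, itself included; each row sums to 1.
    """
    vecs = [EMBED[e[2]] for e in events]  # Q = K = V = embedding (identity projections)
    d = len(vecs[0])
    weights = []
    for q in vecs:
        scores = [sum(a * b for a, b in zip(q, k)) / math.sqrt(d) for k in vecs]
        weights.append(softmax(scores))
    return weights


def attention_output(events, weights):
    """Context vector per event: the attention-weighted sum of the values."""
    vecs = [EMBED[e[2]] for e in events]
    d = len(vecs[0])
    return [[sum(w * v[k] for w, v in zip(row, vecs)) for k in range(d)]
            for row in weights]


def most_attended(weights, i):
    """Index of the other event that event i weights most heavily."""
    row = weights[i]
    return max((j for j in range(len(row)) if j != i), key=lambda j: row[j])


def received_attention(weights):
    """Column sums: how much attention each event receives from the whole
    window, a crude 'importance' ranking of the events."""
    n = len(weights)
    return [sum(weights[i][j] for i in range(n)) for j in range(n)]


if __name__ == "__main__":
    ev = tokenize(SAMPLE_LOG)
    W = attention_weights(ev)
    for i, e in enumerate(ev):
        j = most_attended(W, i)
        print(f"{e[2]:8s} {e[3]:22s} -> attends most to #{j} {ev[j][2]} ({W[i][j]:.2f})")
```

Run it directly to print, for each event, the event it attends to most. In a trained model the embeddings and projections are learned and stacked layers plus positional encodings let the model score a whole window; the row-stochastic weight matrix and its column sums (how much attention each event receives) are the quantities a practitioner inspects to explain why a window was flagged.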


Machine-learning techniques are used to detect attack patterns instead of rule-based or signature-based methods, which perform relatively poorly against zero-day APTs because there is no prior signature or rule to match.

Several deep-learning-based methods have also been explored for detecting APT attacks.

Limitations Of LogShield

Although LogShield performs well, the framework has a limitation: the higher detection performance comes with increased memory consumption and longer computation time (standard self-attention scales quadratically with the length of the event window, whereas an LSTM scales linearly). The research evaluated both LogShield and LSTM models.

After many experiments, however, LogShield achieved a 98% F1-score in APT detection.

A report about LogShield has been published, providing detailed information about the training of the models, the statistics used, and other details.


Original article by Eswar: LogShield: A New Framework That Detects The APT Attack Patterns

Copyright notice: published by admin on 21 November 2023 at 22:34.
Please credit when reposting: LogShield: A New Framework That Detects The APT Attack Patterns | CTF导航