Abstract
A feint attack, a new type of APT attack that combines virtual attacks with real attacks, has become a focus of attention. Under the cover of the virtual attacks, the real attack can achieve its actual purpose and cause losses unnoticed. However, to our knowledge, all previous work uses common methods such as causal-correlation or case-based approaches to detect outdated multi-stage attacks. Little attention has been paid to detecting feint attacks, because the concept of a feint attack is diverse and no professional dataset exists. To address this challenge, this paper explores a new method to construct such a dataset. A fuzzy clustering method based on attribute similarity is used to mine multi-stage attack chains. Then we use a few-shot deep learning algorithm (SMOTE&CNN-SVM) and a bidirectional recurrent neural network model (Bi-RNN) to obtain the feint attack chains. A feint attack is simulated by inserting a real attack into a normal causal attack chain; the inserted real attack breaks the causal relationship of the original chain. We therefore use Bi-RNN encoding to capture the hidden features of a feint attack chain. In experiments, we evaluate our approach using LLDoS1.0 and LLDoS2.0 from DARPA2000 and CICIDS2017 from the Canadian Institute for Cybersecurity.
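The following is an added illustration, not code from the paper: it simulates feint chains the way the abstract describes (a real attack step inserted into a causal multi-stage chain) and flags the inserted step by checking both its predecessor and successor against transition counts learned from causal chains. The stage names and chains are constructed toy data, and the transition counts stand in for the paper's Bi-RNN only to show why context from both directions matters.

```python
"""Feint-chain simulation with a bidirectional transition check (added
example; constructed stage names, not the paper's data or model)."""
from collections import Counter

# Constructed causal attack chains, stages in kill-chain-like order.
CAUSAL_CHAINS = [
    ["recon", "scan", "exploit", "install", "c2", "exfil"],
    ["recon", "scan", "exploit", "install", "c2", "ddos"],
    ["scan", "exploit", "install", "c2", "exfil"],
    ["recon", "scan", "exploit", "c2", "exfil"],
]


def learn_transitions(chains):
    """Count how often stage a is directly followed by stage b in causal chains."""
    transitions = Counter()
    for chain in chains:
        for a, b in zip(chain, chain[1:]):
            transitions[(a, b)] += 1
    return transitions


def make_feint_chain(chain, real_step, position):
    """Simulate a feint attack: insert the real attack step at `position`."""
    return chain[:position] + [real_step] + chain[position:]


def score_positions(chain, transitions):
    """Support for each step from its left (predecessor -> step) and right
    (step -> successor) context; chain ends get a neutral support of 1."""
    scores = []
    for i, step in enumerate(chain):
        left = transitions[(chain[i - 1], step)] if i > 0 else 1
        right = transitions[(step, chain[i + 1])] if i + 1 < len(chain) else 1
        scores.append(left + right)
    return scores


def find_inserted_step(chain, transitions):
    """Index of the step with the weakest bidirectional support: the step
    whose insertion broke the causal relationship of the original chain."""
    scores = score_positions(chain, transitions)
    return min(range(len(chain)), key=scores.__getitem__)
```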
Acknowledgement
This work was supported by the National Natural Science Foundation of China (61972025, 61802389, 61672092, U1811264, 61966009), the Fundamental Research Funds for the Central Universities of China (2018JBZ103, 2019RC008), Science and Technology on Information Assurance Laboratory, Guangxi Key Laboratory of Trusted Software (KX201902).
© 2021 Springer Nature Switzerland AG
Cite this paper
Jia, B. et al. (2021). Bidirectional RNN-Based Few-Shot Training for Detecting Multi-stage Attack. In: Wu, Y., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2020. Lecture Notes in Computer Science(), vol 12612. Springer, Cham. https://doi.org/10.1007/978-3-030-71852-7_3
DOI: https://doi.org/10.1007/978-3-030-71852-7_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71851-0
Online ISBN: 978-3-030-71852-7