CRLG, Jun 8, 2024

RAPID: Robust APT Detection and Investigation Using Context-Aware Deep Learning

arXiv:2406.05362v1
Originality: Incremental advance
AI Analysis

The paper addresses the challenge of APT detection for organizations, offering improved accuracy and interpretability, though the contribution appears incremental: it builds on existing provenance-based methods and adds deep learning enhancements.

The paper tackles the problem of detecting advanced persistent threats (APTs) by introducing RAPID, a deep learning-based method that achieves higher precision and recall than state-of-the-art approaches, significantly reducing false positives.

Advanced persistent threats (APTs) pose significant challenges for organizations, leading to data breaches, financial losses, and reputational damage. Existing provenance-based approaches for APT detection often struggle with high false positive rates, a lack of interpretability, and an inability to adapt to evolving system behavior. We introduce RAPID, a novel deep learning-based method for robust APT detection and investigation, leveraging context-aware anomaly detection and alert tracing. By utilizing self-supervised sequence learning and iteratively learned embeddings, our approach effectively adapts to dynamic system behavior. The use of provenance tracing both enriches the alerts and enhances the detection capabilities of our approach. Our extensive evaluation demonstrates RAPID's effectiveness and computational efficiency in real-world scenarios. In addition, RAPID achieves higher precision and recall than state-of-the-art methods, significantly reducing false positives. RAPID integrates contextual information and facilitates a smooth transition from detection to investigation, providing security teams with detailed insights to efficiently address APT threats.
