Research on APT group classification method based on graph attention networks

Advanced persistent threat (APT) attacks cause significant damage to both enterprises and individuals, and timely and accurate identification of APT groups is of critical importance. However, APT groups are highly covert, making it difficult to obtain accurate data samples for classification. To improve the classification of APT groups, this paper proposes an organization classification model based on Graph Attention Networks. By enriching the dataset with additional samples of APT groups, this study extracts various types of knowledge related to APT groups and explores the relationships among these knowledge pieces to construct a security entity model. Furthermore, a network security knowledge graph is built to store these security entity models. To enhance the stability of the graph attention network, multi-head attention is introduced. The improved graph attention network is then used to group similar security entity models into one category, completing the classification of APT groups.