Unknown web attack threat detection based on large language model

Cited by: 1
Authors
Xu, Yijia [1 ]
Zhang, Qiang [1 ]
Deng, Huaxin [1 ]
Liu, Zhonglin [1 ]
Yang, Cheng [2 ]
Fang, Yong [1 ]
Affiliations
[1] Sichuan Univ, Sch Cyber Sci & Engn, Chengdu, Sichuan, Peoples R China
[2] Beijing Univ Posts & Telecommun, Sch Comp Sci, Beijing, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
Unknown threat; Abnormal behavior; Graph contrastive learning; Large language model; Causal analysis;
DOI
10.1016/j.asoc.2025.112905
CLC number
TP18 [Artificial intelligence theory];
Discipline codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Unknown attacks pose a significant threat to current cyber defenses. Traditional methods for detecting abnormal user behaviors rely on explicit associations and content information, often overlooking implicit causal relationships. Additionally, the frequent emergence of new attack types and the scarcity of training data limit their effectiveness. This paper proposes a novel approach for detecting abnormal user behaviors using large language models (LLMs), addressing these challenges under low-resource conditions. Our method extracts implicit causal relationships from system logs to build behavior graphs and employs label-free graph contrastive invariant learning to generate causal feature vectors. A multi-agent framework, including narrator and decision-maker agents, is used to improve descriptive text generation, while the Translator more efficiently converts causal vectors into meaningful descriptions. Experimental results on the WAB-dataset demonstrate that implicit causal relationships enhance the graph structure's ability to represent abnormal behaviors. The integration of LLMs enables superior behavior analysis with fewer resources compared to traditional methods. Additionally, the comprehensibility of the generated texts and the efficiency of the Translator provide a strong foundation for supporting security professionals in understanding and analyzing abnormal behaviors in real-world scenarios.
Pages: 15