Title: The APT family classification system based on APT call sequences and attention mechanism
Authors: Zeng Shou; Yue-bin Di; Xiao Ma; Rui-chao Xu; He-qiu Chai; Long Yin
Addresses (in author order):
State Grid Liaoning Electric Power Supply Co., Ltd., No. 18, Ningbo Road, Shenyang 110003, Liaoning, China
State Grid Liaoning Electric Power Supply Co., Ltd., No. 18, Ningbo Road, Shenyang 110003, Liaoning, China
NARI Group Corporation (State Grid Electronic Power Research Institute), No. 19, Chengxin Avenue, Jiangning District, Nanjing 210061, Jiangsu, China; Beijing Kedong Electric Power Control System Co., Ltd., No. 15, Xiaoying East Road, Haidian District, Beijing 100192, China
State Grid Liaoning Electric Power Supply Co., Ltd., No. 18, Ningbo Road, Shenyang 110003, Liaoning, China
Software College, Northeastern University, Shenyang 110169, Liaoning, China
Software College, Northeastern University, Shenyang 110169, Liaoning, China
Abstract: Advanced persistent threats (APTs) are a major cybersecurity concern because of their covert nature and their targeted attacks on enterprises, industries and national infrastructure. Orchestrated by well-organised hacker groups, they rely on sophisticated malware that makes detection and source tracing difficult. However, the malware used by each group exhibits characteristic patterns that allow it to be classified and analysed. In this study we present an APT classification system that exploits the temporal dependencies in API call sequences obtained by dynamic analysis, using a hybrid deep learning model: a one-dimensional convolutional neural network (CNN) combined with a bidirectional long short-term memory (BiLSTM) network and an attention mechanism, which together capture the nuanced behaviour of the malware. Evaluated on a dataset of 12 malware families, the system achieves high accuracy and practical utility.
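The abstract describes the front end of such a classifier only in outline: a sandbox trace of API calls is turned into a fixed-length integer sequence, convolved, and summarised by attention-weighted pooling. The following is an added illustration of that pipeline in plain Python, not code from the paper or its authors. The BiLSTM layer of the paper's hybrid model is omitted, the weights are seeded random values rather than trained parameters, and the two sample traces are constructed here, so the resulting vectors only show the data flow and the attention arithmetic. One practical detail the abstract does not spell out is also shown: padded positions must be masked out of the softmax, otherwise short traces put attention mass on padding.

```python
"""API-call-sequence front end of an APT family classifier:
trace -> integer ids -> embedding -> 1D convolution -> attention pooling.
Added example, not the paper's code; no BiLSTM, untrained seeded weights."""

import math
import random

PAD, UNK = "<pad>", "<unk>"

# Constructed sample traces in the style of a sandbox API-call log
# (hypothetical data, not taken from the paper's dataset).
SAMPLE_TRACES = {
    "sample_a": ["NtCreateFile", "NtWriteFile", "RegSetValueExW", "NtClose"],
    "sample_b": ["LdrLoadDll", "NtCreateFile", "NtWriteFile",
                 "CreateRemoteThread", "NtResumeThread", "NtClose"],
}


def build_vocab(traces, min_count=1):
    """Map every API name seen at least min_count times to an integer id;
    ids 0 and 1 are reserved for padding and for unseen calls."""
    counts = {}
    for seq in traces.values():
        for api in seq:
            counts[api] = counts.get(api, 0) + 1
    vocab = {PAD: 0, UNK: 1}
    for api in sorted(a for a, c in counts.items() if c >= min_count):
        vocab[api] = len(vocab)
    return vocab


def encode(seq, vocab, max_len):
    """Truncate or pad a trace to max_len ids and return (ids, mask);
    mask[t] is 1.0 for a real call and 0.0 for padding."""
    ids = [vocab.get(api, vocab[UNK]) for api in seq[:max_len]]
    mask = [1.0] * len(ids)
    ids += [vocab[PAD]] * (max_len - len(ids))
    mask += [0.0] * (max_len - len(mask))
    return ids, mask


def make_weights(vocab_size, dim, filters, kernel, seed=0):
    """Seeded random weights standing in for trained parameters."""
    rng = random.Random(seed)
    u = lambda: rng.uniform(-0.5, 0.5)
    return {
        "embed": [[u() for _ in range(dim)] for _ in range(vocab_size)],
        # conv[f][k][d]: filter f, kernel tap k, embedding dimension d
        "conv": [[[u() for _ in range(dim)] for _ in range(kernel)]
                 for _ in range(filters)],
        "att_w": [[u() for _ in range(filters)] for _ in range(filters)],
        "att_v": [u() for _ in range(filters)],
    }


def conv1d(ids, w):
    """Same-padded 1D convolution over the embedded ids, ReLU activation.
    Returns one feature vector (length = number of filters) per time step."""
    emb = [w["embed"][i] for i in ids]
    kernel = len(w["conv"][0])
    half = kernel // 2
    zero = [0.0] * len(emb[0])
    out = []
    for t in range(len(emb)):
        feats = []
        for filt in w["conv"]:
            s = 0.0
            for k in range(kernel):
                pos = t + k - half
                x = emb[pos] if 0 <= pos < len(emb) else zero
                s += sum(a * b for a, b in zip(filt[k], x))
            feats.append(max(0.0, s))
        out.append(feats)
    return out


def attention_pool(hidden, mask, w):
    """Additive attention: score_t = v . tanh(W h_t), softmax over the
    unmasked steps only, context = sum_t alpha_t h_t."""
    if not any(k > 0 for k in mask):
        raise ValueError("sequence has no unmasked positions")
    scores = []
    for h in hidden:
        proj = [math.tanh(sum(a * b for a, b in zip(row, h))) for row in w["att_w"]]
        scores.append(sum(a * b for a, b in zip(w["att_v"], proj)))
    m = max(s for s, k in zip(scores, mask) if k > 0)  # numerical stability
    exps = [math.exp(s - m) * k for s, k in zip(scores, mask)]  # mask -> 0
    z = sum(exps)
    alphas = [e / z for e in exps]
    ctx = [sum(a * h[d] for a, h in zip(alphas, hidden))
           for d in range(len(hidden[0]))]
    return ctx, alphas


def sequence_vector(seq, vocab, w, max_len=8):
    """Full front end for one trace: returns (context vector, attention)."""
    ids, mask = encode(seq, vocab, max_len)
    return attention_pool(conv1d(ids, w), mask, w)
```

In a real system the context vector would feed a dense layer with one output per family (12 in the paper's evaluation), and the attention weights can be read back per sample to see which calls in the trace drove the decision, which is useful when an analyst has to justify an attribution.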
Keywords: APT; dynamic analysis; convolutional neural network; CNN.
DOI: 10.1504/IJICS.2025.145097
International Journal of Information and Computer Security, 2025 Vol.26 No.1/2, pp.22 - 40
Received: 05 Sep 2023
Accepted: 23 Mar 2024
Published online: 19 Mar 2025