Advanced Persistent Threats (APTs) are hard to detect because they unfold over long periods, occur rarely, and conceal themselves skilfully. Existing approaches concentrate mainly on the observable traits of individual attack behaviors and neglect the intricate relationships that form over the persistent attack lifecycle. We therefore present LTRDetector, an APT detection framework that operates end to end on the whole provenance graph. LTRDetector uses a novel graph embedding technique to retain comprehensive contextual information and then derives long-term features from the embedded provenance graphs. Along the way, it compresses the system provenance graph data so that feature learning remains effective. Furthermore, to detect attacks that rely on zero-day exploits, it learns the system's regular behavior and flags abnormal activity without relying on predefined attack signatures. Extensive evaluation on five prominent datasets shows that LTRDetector outperforms existing state-of-the-art techniques.
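The abstract describes two ideas that are easy to get wrong in practice: compressing the provenance graph before learning from it, and flagging attacks as deviations from a learned baseline rather than by signature. The example below is an added illustration of both, not LTRDetector's code or its embedding. It builds a tiny provenance graph from constructed audit events (process, operation, object), compresses object nodes into coarse classes, learns a per-process baseline from a benign window, and scores a suspicious window by how surprising each edge is under that baseline. All process names, paths, addresses and the threshold are assumptions made for the example.

```python
"""Signature-free anomaly scoring over a small system provenance graph.

Added illustration of the abstract's idea (a baseline of normal behaviour,
no attack signatures). This is NOT LTRDetector's code or its graph
embedding; every event, name, path and address below is constructed."""
import math
import re
from collections import Counter, defaultdict

IPV4_SOCKET = re.compile(r"^\d+\.\d+\.\d+\.\d+:\d+$")


def generalize(obj: str) -> str:
    """Lossy compression of object nodes: sockets keep only the port,
    deep file paths keep two leading directories. This shrinks the graph
    and stops every new benign file name from looking anomalous."""
    if IPV4_SOCKET.match(obj):
        return "net:*:" + obj.rsplit(":", 1)[1]
    if obj.startswith("/"):
        parts = obj.split("/")
        if len(parts) > 3:
            return "/".join(parts[:3]) + "/*"
    return obj


def build_profile(events):
    """Per-subject baseline: how often each (operation, object class)
    edge leaves that process in the benign training window."""
    profile = defaultdict(Counter)
    for subject, op, obj in events:
        profile[subject][(op, generalize(obj))] += 1
    return profile


def score_edge(profile, subject, op, obj, alpha=0.5):
    """Surprise (-log p) of an edge under its subject's add-alpha smoothed
    baseline. A subject never seen in training is maximally surprising."""
    ctx = profile.get(subject)
    if not ctx:
        return math.inf
    total = sum(ctx.values())
    vocab = len(ctx) + 1  # +1 reserves probability mass for unseen edges
    p = (ctx[(op, generalize(obj))] + alpha) / (total + alpha * vocab)
    return -math.log(p)


def detect(profile, events, threshold=2.0):
    """Return the edges of a window whose surprise exceeds the threshold
    (threshold is an assumed value; tune it on held-out benign data)."""
    return [(s, op, o) for s, op, o in events
            if score_edge(profile, s, op, o) > threshold]


def graph_size(events):
    """(distinct raw edges, distinct edges after object compression)."""
    raw = {(s, op, o) for s, op, o in events}
    compressed = {(s, op, generalize(o)) for s, op, o in events}
    return len(raw), len(compressed)


# Constructed benign training window: an office user and an ssh session.
BENIGN = [
    ("libreoffice", "read", "/home/alice/report.odt"),
    ("libreoffice", "write", "/home/alice/report.odt"),
    ("libreoffice", "read", "/home/alice/notes.odt"),
    ("libreoffice", "write", "/home/alice/.cache/fonts"),
    ("libreoffice", "connect", "203.0.113.10:443"),
    ("sshd", "exec", "bash"),
    ("bash", "exec", "ls"),
    ("bash", "read", "/home/alice/.bashrc"),
    ("bash", "exec", "vim"),
    ("bash", "exec", "ls"),
]

# Constructed suspicious window: a document macro spawns a shell, which
# reads a credential file and opens an outbound connection. No signature
# is involved; these are simply edges the baseline never saw.
SUSPECT = [
    ("libreoffice", "read", "/home/alice/invoice.odt"),
    ("libreoffice", "exec", "bash"),
    ("bash", "read", "/etc/shadow"),
    ("bash", "connect", "198.51.100.7:4444"),
    ("bash", "exec", "ls"),
]

if __name__ == "__main__":
    prof = build_profile(BENIGN)
    print("distinct edges raw/compressed:", graph_size(BENIGN))
    for edge in SUSPECT:
        print(f"{score_edge(prof, *edge):5.2f}", edge)
    print("flagged:", detect(prof, SUSPECT))
```

The new invoice file is not flagged because compression maps it onto the same object class as the training documents, while the macro-spawned shell, the credential read and the outbound connection are flagged purely because the baseline assigns them little probability. Real systems need far more training data and a principled threshold; the point here is only that detection requires no knowledge of the exploit.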