GA-ConvE: An APT attack prediction method based on combination of graph attention network and 2D convolution.

Journal: Neural networks : the official journal of the International Neural Network Society

Abstract

APT (Advanced Persistent Threat) attacks have become a significant challenge in the field of cybersecurity. Timely and accurate identification and prediction of APT attacks are crucial tasks. This paper proposes a new APT attack prediction method, GA-ConvE. By collecting APT threat intelligence and constructing an attack behavior knowledge graph, we classify and infer similar APT behaviors from a knowledge-based perspective, enabling effective prediction of APT attacks. To solve the problem in the classification module where some attack features are lost as the number of graph neural network layers increases, we propose a residual multi-layer graph attention network (RMultiGAT). This network leverages residual blocks to organize and analyze the data of multi-layer graph attention networks, and with it we classify APT behaviors into different categories based on behavioral similarities. To tackle the challenges of large inference space, low prediction accuracy, and weak interpretability in the inference module, we introduce a joint prediction model combining graph attention networks and two-dimensional convolution (GA-ConvE). This model extracts behavioral features within each APT class and conducts targeted inference for the behaviors in each class, generating more precise embeddings and improving inference performance, thus realizing more accurate and interpretable predictions of APT attacks. Through many experiments in real-world situations, the effectiveness of the GA-ConvE method in predicting APT attacks is validated. These research findings contribute to enhancing real-time response capabilities against APT attacks.
