Research on APT groups malware classification based on TCN-GAN.

Advanced Persistent Threat (APT) malware attacks, characterized by their stealth, persistence, and high destructiveness, have become a critical focus in cybersecurity defense for large organizations. Verifying and identifying the sources and affiliated groups of APT malware is one of the effective means to counter APT attacks. This paper addresses the issue of tracing and attributing APT malware groups. By improving and innovating the extraction methods for image features and disassembled instruction N-gram features of APT malware, and based on the Temporal Convolutional Network (TCN) model, the paper achieves high-accuracy classification and identification of APT malware. To mitigate the impact of insufficient APT malware samples and data imbalance on classification performance, the paper employs Generative Adversarial Networks (GAN) to expand the sample size. Validation on both public and self-constructed datasets shows that the proposed method achieves an accuracy and precision rate of 99.8%, significantly outperforming other methods. This work provides a foundation for subsequent countermeasures and accountability against related APT attack groups.