Chen Daowei, Yan Hongsheng
School of Information and Communication, National University of Defense Technology, Wuhan, China.
PLoS One. 2025 Jun 10;20(6):e0323377. doi: 10.1371/journal.pone.0323377. eCollection 2025.
Advanced Persistent Threat (APT) malware attacks, characterized by their stealth, persistence, and high destructiveness, have become a critical focus in cybersecurity defense for large organizations. Verifying and identifying the sources and affiliated groups of APT malware is one of the effective means to counter APT attacks. This paper addresses the issue of tracing and attributing APT malware groups. By improving and innovating the extraction methods for image features and disassembled instruction N-gram features of APT malware, and based on the Temporal Convolutional Network (TCN) model, the paper achieves high-accuracy classification and identification of APT malware. To mitigate the impact of insufficient APT malware samples and data imbalance on classification performance, the paper employs Generative Adversarial Networks (GAN) to expand the sample size. Validation on both public and self-constructed datasets shows that the proposed method achieves an accuracy and precision rate of 99.8%, significantly outperforming other methods. This work provides a foundation for subsequent countermeasures and accountability against related APT attack groups.
高级持续性威胁(APT)恶意软件攻击具有隐蔽性、持续性和高度破坏性,已成为大型组织网络安全防御的关键重点。验证和识别APT恶意软件的来源及附属组织是应对APT攻击的有效手段之一。本文探讨了APT恶意软件组织的追踪和溯源问题。通过改进和创新APT恶意软件的图像特征及反汇编指令N-gram特征提取方法,并基于时间卷积网络(TCN)模型,实现了对APT恶意软件的高精度分类和识别。为减轻APT恶意软件样本不足和数据不平衡对分类性能的影响,本文采用生成对抗网络(GAN)扩大样本规模。在公共数据集和自建数据集上的验证表明,该方法的准确率和精确率达到99.8%,显著优于其他方法。这项工作为后续针对相关APT攻击组织的应对措施和责任追究奠定了基础。
