This repository provides a reference implementation of APT-MMF as described in the paper:
APT-MMF: An advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion.
Computers & Security, 2024.
Start by grabbing this source code:
git clone https://github.com/NanArtist/APT-MMF.git
It is recommended to run this code inside a conda environment with Python 3.10.
- Create environment:
conda create -n APT-MMF python=3.10
- Activate environment:
conda activate APT-MMF
The following Python 3 packages are required (latest tested combination):
- PyTorch (2.0.0)
- DGL (1.0.1)
- NetworkX (2.8.4)
- Sklearn (1.2.2)
- NumPy (1.23.5)
- SciPy (1.10.1)
To install all the requirements, run the following command:
python -m pip install -r requirements.txt
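To confirm that the installed packages match the tested combination listed above, the following check can be run inside the activated environment. It is an added example, not part of the APT-MMF repository; the pip distribution names (`torch`, `scikit-learn`, and so on) are assumptions, since this README gives only display names.

```python
"""Compare installed package versions with the combination this README lists as tested."""
from importlib import metadata

# Versions from the README. The pip distribution names on the left are
# assumptions: the README gives display names (PyTorch, Sklearn, ...).
TESTED = {
    "torch": "2.0.0",
    "dgl": "1.0.1",
    "networkx": "2.8.4",
    "scikit-learn": "1.2.2",
    "numpy": "1.23.5",
    "scipy": "1.10.1",
}


def installed_version(dist):
    """Return the installed version string, or None if the package is absent."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


def public_version(version):
    """Drop a PEP 440 local label, e.g. '2.0.0+cu118' -> '2.0.0'."""
    return version.split("+", 1)[0]


def check_environment(tested=TESTED, lookup=installed_version):
    """Map each package to 'ok', 'missing' or a 'mismatch (...)' message."""
    report = {}
    for dist, wanted in tested.items():
        found = lookup(dist)
        if found is None:
            report[dist] = "missing"
        elif public_version(found) == wanted:
            report[dist] = "ok"
        else:
            report[dist] = f"mismatch (found {found}, tested {wanted})"
    return report


if __name__ == "__main__":
    import sys
    report = check_environment()
    for dist, status in report.items():
        print(f"{dist:<14}{status}")
    sys.exit(0 if all(s == "ok" for s in report.values()) else 1)
```

The script exits non-zero when any package is missing or differs from the tested version, so it can gate a run of `Main.py`.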
Once the environment is configured and the input data is prepared as described in emb.md, the programs can be run by the following command:
python Main.py
APT-MMF addresses the problems of insufficient feature extraction and fusion encountered in Cyber Threat Intelligence (CTI)-based APT actor attribution research. The main idea is multimodal and multilevel feature fusion, achieved with multimodal node features and multilevel heterogeneous graph attention networks. This repository provides a reference implementation of APT-MMF, including the main programs, various utilities, etc. On multiclassification tasks concerning APT actor attribution, APT-MMF achieves a Micro-F1 value of 83.2% and a Macro-F1 value of 70.5% on a heterogeneous attributed graph dataset containing 1300 APT reports of 21 APT groups.
Please read our paper for more details. The preprint version of the paper is available at arXiv:2402.12743. The final version is now available online at doi:10.1016/j.cose.2024.103960.
If you find APT-MMF useful in your research, please consider citing the following paper:
@article{xiao_apt-mmf_2024,
title={APT-MMF: An advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion},
author={Xiao, Nan and Lang, Bo and Wang, Ting and Chen, Yikai},
journal={Computers & Security},
year={2024},
doi={10.1016/j.cose.2024.103960},
}
Thank you for your interest in our research.