Machine learning on knowledge graphs for context-aware security monitoring
- URL: http://arxiv.org/abs/2105.08741v1
- Date: Tue, 18 May 2021 18:00:19 GMT
- Title: Machine learning on knowledge graphs for context-aware security monitoring
- Authors: Josep Soler Garrido, Dominik Dold, Johannes Frank
- Abstract summary: We discuss the application of machine learning on knowledge graphs for intrusion detection.
We experimentally evaluate a link-prediction method for scoring anomalous activity in industrial systems.
The proposed method is shown to produce intuitively well-calibrated and interpretable alerts in a diverse range of scenarios.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Machine learning techniques are gaining attention in the context of intrusion
detection due to the increasing amounts of data generated by monitoring tools,
as well as the sophistication displayed by attackers in hiding their activity.
However, existing methods often exhibit important limitations in terms of the
quantity and relevance of the generated alerts. Recently, knowledge graphs are
finding application in the cybersecurity domain, showing the potential to
alleviate some of these drawbacks thanks to their ability to seamlessly
integrate data from multiple domains using human-understandable vocabularies.
We discuss the application of machine learning on knowledge graphs for
intrusion detection and experimentally evaluate a link-prediction method for
scoring anomalous activity in industrial systems. After initial unsupervised
training, the proposed method is shown to produce intuitively well-calibrated
and interpretable alerts in a diverse range of scenarios, hinting at the
potential benefits of relational machine learning on knowledge graphs for
intrusion detection purposes.
Related papers
- AI-Based Energy Transportation Safety: Pipeline Radial Threat Estimation Using Intelligent Sensing System [52.93806509364342]
This paper proposes a radial threat estimation method for energy pipelines based on distributed optical fiber sensing technology.
We introduce a continuous multi-view and multi-domain feature fusion methodology to extract comprehensive signal features.
We incorporate the concept of transfer learning through a pre-trained model, enhancing both recognition accuracy and training efficiency.
(2023-12-18T12:37:35Z)
- A Survey of Graph Unlearning [11.841882902141696]
Graph unlearning provides the means to remove sensitive data traces from trained models, thereby upholding the right to be forgotten.
We present the first systematic review of graph unlearning approaches, encompassing a diverse array of methodologies.
We explore the versatility of graph unlearning across various domains, including but not limited to social networks, adversarial settings, and resource-constrained environments.
(2023-08-23T20:50:52Z)
- Detection, Explanation and Filtering of Cyber Attacks Combining Symbolic and Sub-Symbolic Methods [0.0]
We are exploring combining symbolic and sub-symbolic methods in the area of cybersecurity that incorporate domain knowledge.
The proposed method is shown to produce intuitive explanations for alerts for a diverse range of scenarios.
Not only do the explanations provide deeper insights into the alerts, but they also lead to a reduction of false positive alerts by 66% and by 93% when including the fidelity metric.
(2022-12-23T09:03:51Z)
- Robustness Evaluation of Deep Unsupervised Learning Algorithms for Intrusion Detection Systems [0.0]
This paper evaluates the robustness of six recent deep learning algorithms for intrusion detection on contaminated data.
Our experiments suggest that the state-of-the-art algorithms used in this study are sensitive to data contamination and reveal the importance of self-defense against data perturbation.
(2022-06-25T02:28:39Z)
- Context-Dependent Anomaly Detection with Knowledge Graph Embedding Models [0.0]
We develop a framework for converting a context-dependent anomaly detection problem to a link prediction problem.
We show that our method can detect context-dependent anomalies with a high degree of accuracy.
(2022-03-17T14:36:12Z)
- Software Vulnerability Detection via Deep Learning over Disaggregated Code Graph Representation [57.92972327649165]
This work explores a deep learning approach to automatically learn the insecure patterns from code corpora.
Because code naturally admits graph structures with parsing, we develop a novel graph neural network (GNN) to exploit both the semantic context and structural regularity of a program.
(2021-09-07T21:24:36Z)
- Counterfactual Attention Learning for Fine-Grained Visual Categorization and Re-identification [101.49122450005869]
We present a counterfactual attention learning method to learn more effective attention based on causal inference.
Specifically, we analyze the effect of the learned visual attention on network prediction.
We evaluate our method on a wide range of fine-grained recognition tasks.
(2021-08-19T14:53:40Z)
- Information Obfuscation of Graph Neural Networks [96.8421624921384]
We study the problem of protecting sensitive attributes by information obfuscation when learning with graph structured data.
We propose a framework to locally filter out pre-determined sensitive attributes via adversarial training with the total variation and the Wasserstein distance.
(2020-09-28T17:55:04Z)
- Any-Shot Sequential Anomaly Detection in Surveillance Videos [36.24563211765782]
We propose an online anomaly detection method for surveillance videos using transfer learning and any-shot learning.
Our proposed algorithm leverages the feature extraction power of neural network-based models for transfer learning and the any-shot learning capability of statistical detection methods.
(2020-04-05T02:15:45Z)
- Graph Representation Learning via Graphical Mutual Information Maximization [86.32278001019854]
We propose a novel concept, Graphical Mutual Information (GMI), to measure the correlation between input graphs and high-level hidden representations.
We develop an unsupervised learning model trained by maximizing GMI between the input and output of a graph neural encoder.
(2020-02-04T08:33:49Z)
- Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process [63.75363908696257]
We review the methods that have been applied to network data with the purpose of developing an intrusion detector.
We discuss the techniques used for the capture, preparation and transformation of the data, as well as, the data mining and evaluation methods.
As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
(2020-01-27T11:21:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.