Detecting Complex Multi-step Attacks with Explainable Graph Neural Network
- URL: http://arxiv.org/abs/2405.11335v2
- Date: Fri, 14 Jun 2024 02:19:45 GMT
- Title: Detecting Complex Multi-step Attacks with Explainable Graph Neural Network
- Authors: Wei Liu, Peng Gao, Haotian Zhang, Ke Li, Weiyong Yang, Xingshen Wei, Jiwu Shu
- Abstract summary: Complex multi-step attacks have caused significant damage to numerous critical infrastructures.
To detect such attacks, graph neural network based methods have shown promising results.
However, existing methods still face several challenges when deployed in practice.
- Score: 22.36690129820124
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Complex multi-step attacks have caused significant damage to numerous critical infrastructures. To detect such attacks, graph neural network based methods have shown promising results by modeling the system's events as a graph. However, existing methods still face several challenges when deployed in practice. First, there is a lack of sufficient real attack data especially considering the large volume of normal data. Second, the modeling of event graphs is challenging due to their dynamic and heterogeneous nature. Third, the lack of explanation in learning models undermines the trustworthiness of such methods in production environments. To address the above challenges, in this paper, we propose an attack detection method, Trace2Vec. The approach first designs an erosion function to augment rare attack samples, and integrates them into the event graphs. Next, it models the event graphs via a continuous-time dynamic heterogeneous graph neural network. Finally, it employs the Monte Carlo tree search algorithm to identify events with greater contributions to the attack, thus enhancing the explainability of the detection result. We have implemented a prototype for Trace2Vec, and the experimental evaluations demonstrate its superior detection and explanation performance compared to existing methods.
Related papers
- Extreme Value Modelling of Feature Residuals for Anomaly Detection in Dynamic Graphs [14.8066991252587]
Detecting anomalies in a temporal sequence of graphs can be applied to areas such as the detection of accidents in transport networks and cyber attacks in computer networks.
Existing methods for detecting abnormal graphs can suffer from multiple limitations, such as high false positive rates and difficulties with handling variable-sized graphs and non-trivial temporal dynamics.
We propose a technique where temporal dependencies are explicitly modelled via time series analysis of a large set of pertinent graph features, followed by using residuals to remove the dependencies.
arXiv Detail & Related papers (2024-10-08T05:00:53Z)
- Three Revisits to Node-Level Graph Anomaly Detection: Outliers, Message Passing and Hyperbolic Neural Networks [9.708651460086916]
In this paper, we revisit datasets and approaches for unsupervised node-level graph anomaly detection tasks.
Firstly, we introduce outlier injection methods that create more diverse and graph-based anomalies in graph datasets.
Secondly, we compare methods employing message passing against those without, uncovering the unexpected decline in performance.
arXiv Detail & Related papers (2024-03-06T19:42:34Z)
- ADA-GAD: Anomaly-Denoised Autoencoders for Graph Anomaly Detection [84.0718034981805]
We introduce a novel framework called Anomaly-Denoised Autoencoders for Graph Anomaly Detection (ADA-GAD).
In the first stage, we design a learning-free anomaly-denoised augmentation method to generate graphs with reduced anomaly levels.
In the next stage, the decoders are retrained for detection on the original graph.
arXiv Detail & Related papers (2023-12-22T09:02:01Z)
- GADY: Unsupervised Anomaly Detection on Dynamic Graphs [18.1896489628884]
We propose a continuous dynamic graph model to capture the fine-grained information, which breaks the limit of existing discrete methods.
For the second challenge, we pioneer the use of Generative Adversarial Networks to generate negative interactions.
Our proposed GADY significantly outperforms the previous state-of-the-art method on three real-world datasets.
arXiv Detail & Related papers (2023-10-25T05:27:45Z)
- DAGAD: Data Augmentation for Graph Anomaly Detection [57.92471847260541]
This paper devises a novel Data Augmentation-based Graph Anomaly Detection (DAGAD) framework for attributed graphs.
A series of experiments on three datasets prove that DAGAD outperforms ten state-of-the-art baseline detectors concerning various mostly-used metrics.
arXiv Detail & Related papers (2022-10-18T11:28:21Z)
- Model Inversion Attacks against Graph Neural Networks [65.35955643325038]
We study model inversion attacks against Graph Neural Networks (GNNs).
In this paper, we present GraphMI to infer the private training graph data.
Our experimental results show that such defenses are not sufficiently effective and call for more advanced defenses against privacy attacks.
arXiv Detail & Related papers (2022-09-16T09:13:43Z)
- Meta Adversarial Perturbations [66.43754467275967]
We show the existence of a meta adversarial perturbation (MAP).
MAP causes natural images to be misclassified with high probability after being updated through only a one-step gradient ascent update.
We show that these perturbations are not only image-agnostic, but also model-agnostic, as a single perturbation generalizes well across unseen data points and different neural network architectures.
arXiv Detail & Related papers (2021-11-19T16:01:45Z)
- Adversarial Attacks on Graph Classification via Bayesian Optimisation [25.781404695921122]
We present a novel optimisation-based attack method for graph classification models.
Our method is black-box, query-efficient and parsimonious with respect to the perturbation applied.
We empirically validate the effectiveness and flexibility of the proposed method on a wide range of graph classification tasks.
arXiv Detail & Related papers (2021-11-04T13:01:20Z)
- Deep Fraud Detection on Non-attributed Graph [61.636677596161235]
Graph Neural Networks (GNNs) have shown solid performance on fraud detection.
Labeled data is scarce in large-scale industrial problems, especially for fraud detection.
We propose a novel graph pre-training strategy to leverage more unlabeled data.
arXiv Detail & Related papers (2021-10-04T03:42:09Z)
- Node Copying for Protection Against Graph Neural Network Topology Attacks [24.81359861632328]
In particular, corruptions of the graph topology can degrade the performance of graph based learning algorithms severely.
We propose an algorithm that uses node copying to mitigate the degradation in classification that is caused by adversarial attacks.
arXiv Detail & Related papers (2020-07-09T18:09:55Z)
- Adversarial Attack on Community Detection by Hiding Individuals [68.76889102470203]
We focus on black-box attack and aim to hide targeted individuals from the detection of deep graph community detection models.
We propose an iterative learning framework that takes turns to update two modules: one working as the constrained graph generator and the other as the surrogate community detection model.
arXiv Detail & Related papers (2020-01-22T09:50:04Z)
This list is automatically generated from the titles and abstracts of the papers in this site.