GraphDART: Graph Distillation for Efficient Advanced Persistent Threat Detection

• URL: http://arxiv.org/abs/2501.02796v1
• Date: Mon, 06 Jan 2025 06:29:57 GMT
• Title: GraphDART: Graph Distillation for Efficient Advanced Persistent Threat Detection
• Authors: Saba Fathi Rabooki, Bowen Li, Falih Gozi Febrinanto, Ciyuan Peng, Elham Naghizade, Fengling Han, Feng Xia,
• Abstract summary: Cyber-physical-social systems (CPSSs) have emerged in many applications over recent decades, requiring increased attention to security concerns. The rise of sophisticated threats like Advanced Persistent Threats (APTs) makes ensuring security in CPSSs particularly challenging. We present GraphDART, a modular framework designed to distill provenance graphs into compact yet informative representations.
• Score: 11.730485948507523
• License:
• Abstract: Cyber-physical-social systems (CPSSs) have emerged in many applications over recent decades, requiring increased attention to security concerns. The rise of sophisticated threats like Advanced Persistent Threats (APTs) makes ensuring security in CPSSs particularly challenging. Provenance graph analysis has proven effective for tracing and detecting anomalies within systems, but the sheer size and complexity of these graphs hinder the efficiency of existing methods, especially those relying on graph neural networks (GNNs). To address these challenges, we present GraphDART, a modular framework designed to distill provenance graphs into compact yet informative representations, enabling scalable and effective anomaly detection. GraphDART can take advantage of diverse graph distillation techniques, including classic and modern graph distillation methods, to condense large provenance graphs while preserving essential structural and contextual information. This approach significantly reduces computational overhead, allowing GNNs to learn from distilled graphs efficiently and enhance detection performance. Extensive evaluations on benchmark datasets demonstrate the robustness of GraphDART in detecting malicious activities across cyber-physical-social systems. By optimizing computational efficiency, GraphDART provides a scalable and practical solution to safeguard interconnected environments against APTs.

Related papers

• Random Walk Guided Hyperbolic Graph Distillation [46.5100809575555]
  This paper presents the Hyperbolic Graph Distillation with Random Walks Optimization (HyDRO) HyDRO is a novel graph distillation approach that leverages hyperbolic embeddings to capture complex geometric patterns and optimize the spectral gap in hyperbolic space. Experiments show that HyDRO demonstrates strong task generalization, consistently outperforming state-of-the-art methods in both node classification and link prediction tasks.
  arXiv  Detail & Related papers  (2025-01-26T22:55:34Z)
• Keep It Simple: Towards Accurate Vulnerability Detection for Large Code Graphs [6.236203127696138]
  We propose a novel vulnerability detection method, ANGLE, which embodies the hierarchical graph refinement and context-aware graph representation learning. Our method significantly outperforms several other baselines in terms of the accuracy and F1 score. In large code graphs, ANGLE achieves an improvement in accuracy of 34.27%-161.93% compared to the state-of-the-art method, AMPLE.
  arXiv  Detail & Related papers  (2024-12-13T14:27:51Z)
• Explainable Malware Detection through Integrated Graph Reduction and Learning Techniques [2.464148828287322]
  Control Flow Graphs and Function Call Graphs have become pivotal in providing a detailed understanding of program execution. These graph-based representations, when combined with Graph Neural Networks (GNN), have shown promise in developing high-performance malware detectors. This paper addresses these issues by developing several graph reduction techniques to reduce graph size and applying the state-of-the-art GNNExplainer to enhance the interpretability of GNN outputs.
  arXiv  Detail & Related papers  (2024-12-04T18:59:45Z)
• On the Robustness of Graph Reduction Against GNN Backdoor [9.377257547233919]
  Graph Neural Networks (GNNs) are gaining popularity across various domains due to their effectiveness in learning graph-structured data. backdoor poisoning attacks pose serious threats to real-world applications. graph reduction techniques, including coarsening and sparsification, have emerged as effective methods for accelerating GNN training on large-scale graphs.
  arXiv  Detail & Related papers  (2024-07-02T17:08:38Z)
• Through the Dual-Prism: A Spectral Perspective on Graph Data Augmentation for Graph Classification [67.35058947477631]
  We introduce Dual-Prism (DP) augmentation methods, including DP-Noise and DP-Mask, which retain essential graph properties while diversifying augmented graphs. Extensive experiments validate the efficiency of our approach, providing a new and promising direction for graph data augmentation.
  arXiv  Detail & Related papers  (2024-01-18T12:58:53Z)
• GraphCloak: Safeguarding Task-specific Knowledge within Graph-structured Data from Unauthorized Exploitation [61.80017550099027]
  Graph Neural Networks (GNNs) are increasingly prevalent in a variety of fields. Growing concerns have emerged regarding the unauthorized utilization of personal data. Recent studies have shown that imperceptible poisoning attacks are an effective method of protecting image data from such misuse. This paper introduces GraphCloak to safeguard against the unauthorized usage of graph data.
  arXiv  Detail & Related papers  (2023-10-11T00:50:55Z)
• Everything Perturbed All at Once: Enabling Differentiable Graph Attacks [61.61327182050706]
  Graph neural networks (GNNs) have been shown to be vulnerable to adversarial attacks. We propose a novel attack method called Differentiable Graph Attack (DGA) to efficiently generate effective attacks. Compared to the state-of-the-art, DGA achieves nearly equivalent attack performance with 6 times less training time and 11 times smaller GPU memory footprint.
  arXiv  Detail & Related papers  (2023-08-29T20:14:42Z)
• Deep Fraud Detection on Non-attributed Graph [61.636677596161235]
  Graph Neural Networks (GNNs) have shown solid performance on fraud detection. labeled data is scarce in large-scale industrial problems, especially for fraud detection. We propose a novel graph pre-training strategy to leverage more unlabeled data.
  arXiv  Detail & Related papers  (2021-10-04T03:42:09Z)
• Information Obfuscation of Graph Neural Networks [96.8421624921384]
  We study the problem of protecting sensitive attributes by information obfuscation when learning with graph structured data. We propose a framework to locally filter out pre-determined sensitive attributes via adversarial training with the total variation and the Wasserstein distance.
  arXiv  Detail & Related papers  (2020-09-28T17:55:04Z)
• Graph Backdoor [53.70971502299977]
  We present GTA, the first backdoor attack on graph neural networks (GNNs) GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features. It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
  arXiv  Detail & Related papers  (2020-06-21T19:45:30Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.