2,376 research outputs found
Graph Mining for Cybersecurity: A Survey
The explosive growth of cyber attacks nowadays, such as malware, spam, and
intrusions, caused severe consequences on society. Securing cyberspace has
become an utmost concern for organizations and governments. Traditional Machine
Learning (ML) based methods are extensively used in detecting cyber threats,
but they hardly model the correlations between real-world cyber entities. In
recent years, with the proliferation of graph mining techniques, many
researchers investigated these techniques for capturing correlations between
cyber entities and achieving high performance. It is imperative to summarize
existing graph-based cybersecurity solutions to provide a guide for future
studies. Therefore, as a key contribution of this paper, we provide a
comprehensive review of graph mining for cybersecurity, including an overview
of cybersecurity tasks, the typical graph mining techniques, and the general
process of applying them to cybersecurity, as well as various solutions for
different cybersecurity tasks. For each task, we probe into relevant methods
and highlight the graph types, graph approaches, and task levels in their
modeling. Furthermore, we collect open datasets and toolkits for graph-based
cybersecurity. Finally, we outlook the potential directions of this field for
future research.
Cyber Security
This open access book constitutes the refereed proceedings of the 17th International Annual Conference on Cyber Security, CNCERT 2021, held in Beijing, China, in July 2021. The 14 papers presented were carefully reviewed and selected from 51 submissions. The papers are organized according to the following topical sections: data security; privacy protection; anomaly detection; traffic analysis; social network security; vulnerability detection; text classification.
FraudDroid: Automated Ad Fraud Detection for Android Apps
Although mobile ad frauds have been widespread, state-of-the-art approaches
in the literature have mainly focused on detecting the so-called static
placement frauds, where only a single UI state is involved and can be
identified based on static information such as the size or location of ad
views. Other types of fraud exist that involve multiple UI states and are
performed dynamically while users interact with the app. Such dynamic
interaction frauds, although now widely spread in apps, have not yet been
explored nor addressed in the literature. In this work, we investigate a wide
range of mobile ad frauds to provide a comprehensive taxonomy to the research
community. We then propose FraudDroid, a novel hybrid approach to detect ad
frauds in mobile Android apps. FraudDroid analyses apps dynamically to build UI
state transition graphs and collects their associated runtime network traffics,
which are then leveraged to check against a set of heuristic-based rules for
identifying ad fraudulent behaviours. We show empirically that FraudDroid
detects ad frauds with a high precision (93%) and recall (92%). Experimental
results further show that FraudDroid is capable of detecting ad frauds across
the spectrum of fraud types. By analysing 12,000 ad-supported Android apps,
FraudDroid identified 335 cases of fraud associated with 20 ad networks that
are further confirmed to be true positive results and are shared with our
fellow researchers to promote advanced ad fraud detection.
Comment: 12 pages, 10 figures
Enhancing Graph Neural Network-based Fraud Detectors against Camouflaged Fraudsters
Graph Neural Networks (GNNs) have been widely applied to fraud detection
problems in recent years, revealing the suspiciousness of nodes by aggregating
their neighborhood information via different relations. However, few prior
works have noticed the camouflage behavior of fraudsters, which could hamper
the performance of GNN-based fraud detectors during the aggregation process. In
this paper, we introduce two types of camouflages based on recent empirical
studies, i.e., the feature camouflage and the relation camouflage. Existing
GNNs have not addressed these two camouflages, which results in their poor
performance in fraud detection problems. Alternatively, we propose a new model
named CAmouflage-REsistant GNN (CARE-GNN), to enhance the GNN aggregation
process with three unique modules against camouflages. Concretely, we first
devise a label-aware similarity measure to find informative neighboring nodes.
Then, we leverage reinforcement learning (RL) to find the optimal amounts of
neighbors to be selected. Finally, the selected neighbors across different
relations are aggregated together. Comprehensive experiments on two real-world
fraud datasets demonstrate the effectiveness of the RL algorithm. The proposed
CARE-GNN also outperforms state-of-the-art GNNs and GNN-based fraud detectors.
We integrate all GNN-based fraud detectors as an open-source toolbox:
https://github.com/safe-graph/DGFraud. The CARE-GNN code and datasets are
available at https://github.com/YingtongDou/CARE-GNN.
Comment: Accepted by CIKM 202
Email phishing detection with BLSTM and word embeddings
The paper presents an email phishing detection method that uses BLSTM as a deep learning model. For feature extraction, word embeddings have been used. Presented results demonstrate high accuracy and precision.