1,658 research outputs found
Graph-based Time-Series Anomaly Detection: A Survey
With the recent advances in technology, a wide range of systems continue to
collect a large amount of data over time and thus generate time series.
Time-Series Anomaly Detection (TSAD) is an important task in various
time-series applications such as e-commerce, cybersecurity, vehicle
maintenance, and healthcare monitoring. However, this task is very challenging
as it requires considering both the intra-variable dependency and the
inter-variable dependency, where a variable can be defined as an observation in
time series data. Recent graph-based approaches have made impressive progress
in tackling the challenges of this field. In this survey, we conduct a
comprehensive and up-to-date review of Graph-based TSAD (G-TSAD). First, we
explore the significant potential of graph representation learning for
time-series data. Then, we review state-of-the-art graph anomaly detection
techniques in the context of time series and discuss their strengths and
drawbacks. Finally, we discuss the technical challenges and potential future
directions for possible improvements in this research field.
Comment: 19 pages, 4 figures, 2 tables
Use of Graph Neural Networks in Aiding Defensive Cyber Operations
In an increasingly interconnected world, where information is the lifeblood
of modern society, regular cyber-attacks sabotage the confidentiality,
integrity, and availability of digital systems and information. Additionally,
cyber-attacks differ depending on the objective and evolve rapidly to evade
defensive systems. However, a typical cyber-attack demonstrates a series of
stages from attack initiation to final resolution, called an attack life cycle.
These diverse characteristics and the relentless evolution of cyber attacks
have led cyber defense to adopt modern approaches like Machine Learning to
bolster defensive measures and break the attack life cycle. Among the adopted
ML approaches, Graph Neural Networks have emerged as a promising approach for
enhancing the effectiveness of defensive measures due to their ability to
process and learn from heterogeneous cyber threat data. In this paper, we look
into the application of GNNs in aiding to break each stage of one of the most
renowned attack life cycles, the Lockheed Martin Cyber Kill Chain. We address
each phase of CKC and discuss how GNNs contribute to preparing and preventing
an attack from a defensive standpoint. Furthermore, We also discuss open
research areas and further improvement scopes.Comment: 35 pages, 9 figures, 8 table
Graph Learning for Anomaly Analytics: Algorithms, Applications, and Challenges
Anomaly analytics is a popular and vital task in various research contexts,
which has been studied for several decades. At the same time, deep learning has
shown its capacity in solving many graph-based tasks, like node classification,
link prediction, and graph classification. Recently, many studies have extended
graph learning models for solving anomaly analytics problems, resulting in
beneficial advances in graph-based anomaly analytics techniques. In this
survey, we provide a comprehensive overview of graph learning methods for
anomaly analytics tasks. We classify them into four categories based on their
model architectures, namely graph convolutional network (GCN), graph attention
network (GAT), graph autoencoder (GAE), and other graph learning models. The
differences between these methods are also compared in a systematic manner.
Furthermore, we outline several graph-based anomaly analytics applications
across various domains in the real world. Finally, we discuss five potential
future research directions in this rapidly growing field.
Graph learning for anomaly analytics: algorithms, applications, and challenges
Anomaly analytics is a popular and vital task in various research contexts that has been studied for several decades. At the same time, deep learning has shown its capacity in solving many graph-based tasks, like node classification, link prediction, and graph classification. Recently, many studies are extending graph learning models for solving anomaly analytics problems, resulting in beneficial advances in graph-based anomaly analytics techniques. In this survey, we provide a comprehensive overview of graph learning methods for anomaly analytics tasks. We classify them into four categories based on their model architectures, namely graph convolutional network, graph attention network, graph autoencoder, and other graph learning models. The differences between these methods are also compared in a systematic manner. Furthermore, we outline several graph-based anomaly analytics applications across various domains in the real world. Finally, we discuss five potential future research directions in this rapidly growing field. © 2023 Association for Computing Machinery
Node re-ordering as a means of anomaly detection in time-evolving graphs
© Springer International Publishing AG 2016. Anomaly detection is a vital task for maintaining and improving any dynamic system. In this paper, we address the problem of anomaly detection in time-evolving graphs, where graphs are a natural representation for data in many types of applications. A key challenge in this context is how to process large volumes of streaming graphs. We propose a pre-processing step before running any further analysis on the data, where we permute the rows and columns of the adjacency matrix. This pre-processing step expedites graph mining techniques such as anomaly detection, PageRank, or graph coloring. In this paper, we focus on detecting anomalies in a sequence of graphs based on rank correlations of the reordered nodes. The merits of our approach lie in its simplicity and resilience to challenges such as unsupervised input, large volumes and high velocities of data. We evaluate the scalability and accuracy of our method on real graphs, where our method facilitates graph processing while producing more deterministic orderings. We show that the proposed approach is capable of revealing anomalies in a more efficient manner based on node rankings. Furthermore, our method can produce visual representations of graphs that are useful for graph compression
Graph-Based Multi-Label Classification for WiFi Network Traffic Analysis
Network traffic analysis, and specifically anomaly and attack detection, calls for sophisticated tools relying on a large number of features. Mathematical modeling is extremely difficult, given the ample variety of traffic patterns and the subtle and varied ways that malicious activity can be carried out in a network. We address this problem by exploiting data-driven modeling and computational intelligence techniques. Sequences of packets captured on the communication medium are considered, along with multi-label metadata. Graph-based modeling of the data is introduced, resorting to the powerful GRALG approach based on feature information granulation, identification of a representative alphabet, embedding and genetic optimization. The obtained classifier is evaluated in terms of both accuracy and complexity for two different supervised problems and compared with state-of-the-art algorithms. We show that the proposed preprocessing strategy is able to describe higher-level relations between data instances in the input domain, thus allowing the algorithms to suitably reconstruct the structure of the input domain itself. Furthermore, the considered Granular Computing approach is able to extract knowledge on multiple semantic levels, thus effectively describing anomalies as subgraph-based symbols of the whole network graph in a specific time interval. Good performance can thus be achieved in identifying network traffic patterns, in spite of the complexity of the considered traffic classes.
SIGL: Securing Software Installations Through Deep Graph Learning
Many users implicitly assume that software can only be exploited after it is
installed. However, recent supply-chain attacks demonstrate that application
integrity must be ensured during installation itself. We introduce SIGL, a new
tool for detecting malicious behavior during software installation. SIGL
collects traces of system call activity, building a data provenance graph that
it analyzes using a novel autoencoder architecture with a graph long short-term
memory network (graph LSTM) for the encoder and a standard multilayer
perceptron for the decoder. SIGL flags suspicious installations as well as the
specific installation-time processes that are likely to be malicious. Using a
test corpus of 625 malicious installers containing real-world malware, we
demonstrate that SIGL has a detection accuracy of 96%, outperforming similar
systems from industry and academia by up to 87% in precision and recall and 45%
in accuracy. We also demonstrate that SIGL can pinpoint the processes most
likely to have triggered malicious behavior, works on different audit platforms
and operating systems, and is robust to training data contamination and
adversarial attack. It can be used with application-specific models, even in
the presence of new software versions, as well as application-agnostic
meta-models that encompass a wide range of applications and installers.
Comment: 18 pages, to appear in the 30th USENIX Security Symposium (USENIX Security '21)