A Survey on Malware Detection with Graph Representation Learning
Malware detection has become a major concern due to the increasing number and
complexity of malware. Traditional detection methods based on signatures and
heuristics are used for malware detection, but unfortunately, they suffer from
poor generalization to unknown attacks and can be easily circumvented using
obfuscation techniques. In recent years, Machine Learning (ML) and notably Deep
Learning (DL) achieved impressive results in malware detection by learning
useful representations from data and have become a solution preferred over
traditional methods. More recently, the application of such techniques on
graph-structured data has achieved state-of-the-art performance in various
domains and demonstrates promising results in learning more robust
representations from malware. Yet, no literature review focusing on graph-based
deep learning for malware detection exists. In this survey, we provide an
in-depth literature review to summarize and unify existing works under the
common approaches and architectures. We notably demonstrate that Graph Neural
Networks (GNNs) reach competitive results in learning robust embeddings from
malware represented as expressive graph structures, leading to an efficient
detection by downstream classifiers. This paper also reviews adversarial
attacks that are utilized to fool graph-based detection methods. Challenges and
future research directions are discussed at the end of the paper.
Comment: Preprint, submitted to ACM Computing Surveys on March 2023. For any
suggestions or improvements, please contact me directly by e-mai
High Prevalence of blaNDM Among Carbapenem Non‑Susceptible Klebsiella pneumoniae in a Tunisian Hospital: First Report of blaNDM‑9, blaKPC‑20, and blaKPC‑26 Genes
peer reviewed
Fifty-four carbapenem non-susceptible Klebsiella pneumoniae (CNSKP) isolates were collected from a Tunisian hospital over a period of 13 consecutive months. Carbapenemase production and the prevalence of carbapenemase-encoding genes were investigated using the combined-disk test (CDT), the modified Carba NP (mCarba NP) test, and a UV-spectrophotometry method complemented by PCR experiments and sequencing. Carbapenemase production was detected by the mCarba NP test and CDT in 92.59% and 96.29% of the 54 CNSKP isolates, respectively, while imipenem hydrolysis was detected using UV-spectrophotometry in the crude extracts of 44 isolates. blaNDM, blaOXA-48-like, and blaKPC carbapenemase-encoding genes were found in 48, 31, and 22 isolates, respectively. Remarkably, blaNDM-9, blaKPC-20, and blaKPC-26 genes were reported. The co-occurrence of carbapenemase-encoding genes in a single isolate was detected in 62.96% of the isolates. The analysis of clonal relationships between the isolates by pulsed field gel electrophoresis revealed that the majority of them were genetically unrelated. Our investigation provides molecular data on the enzymatic mechanism of carbapenem non-susceptibility among 54 CNSKP, showing the dominance of blaNDM, and comprises the first identification of blaNDM-9, blaKPC-20, and blaKPC-26 genes in a Tunisian hospital
Few Edges Are Enough: Few-Shot Network Attack Detection with Graph Neural Networks
International audience
Detecting cyberattacks using Graph Neural Networks (GNNs) has seen promising results recently. Most of the state-of-the-art models that leverage these techniques require labeled examples, hard to obtain in many real-world scenarios. To address this issue, unsupervised learning and Self-Supervised Learning (SSL) have emerged as interesting approaches to reduce the dependency on labeled data. Nonetheless, these methods tend to yield more anomalous detection algorithms rather than effective attack detection systems. This paper introduces Few Edges Are Enough (FEAE), a GNN-based architecture trained with SSL and Few-Shot Learning (FSL) to better distinguish between false positive anomalies and actual attacks. To maximize the potential of few-shot examples, our model employs a hybrid self-supervised objective that combines the advantages of contrastive-based and reconstruction-based SSL. By leveraging only a minimal number of labeled attack events, represented as attack edges, FEAE achieves competitive performance on two well-known network datasets compared to both supervised and unsupervised methods. Remarkably, our experimental results unveil that employing only 1 malicious event for each attack type in the dataset is sufficient to achieve substantial improvements. FEAE not only outperforms self-supervised GNN baselines but also surpasses some supervised approaches on one of the datasets
A Benchmark of Graph Augmentations for Contrastive Learning-Based Network Attack Detection with Graph Neural Networks
Graph Neural Networks (GNNs) have recently emerged as powerful tools for detecting network attacks, due to their ability to capture complex relationships between hosts. However, acquiring labeled datasets in the cybersecurity domain is challenging. Consequently, efforts are directed towards learning representations directly from data using self-supervised approaches. In this study, we focus on contrastive methods that aim to maximize agreement between the original graph and positive graph augmentations, while minimizing agreement with negative graph augmentations. Our goal is to benchmark 10 augmentation techniques and provide more efficient augmentations for network data. We systematically evaluate 100 pairs of positive and negative graphs and present our findings in a table, highlighting the best-performing techniques. In particular, the experiments demonstrate that leveraging topological and attributive augmentations in the positive and negative graph generally improves performance, with up to 1.8% and 2.2% improvement in F1-score on two different datasets. The analysis further showcases the intrinsic connection between the performance of graph augmentations and the underlying data, highlighting the need for careful prior selection to achieve optimal results
One Night of Partial Sleep Deprivation Affects Biomarkers of Cardiac Damage, but Not Cardiovascular and Lipid Profiles, in Young Athletes
Sleep loss is among the most common yet frequently overlooked problems. This disruptive influence is associated with an adverse lipid profile (LP) and consequently results in an increased risk of cardiovascular disease. Furthermore, it has been well established that athletes are increasingly confronted with sleep problems. The aim of this study was to explore the effect of one night of partial sleep deprivation (PSD) on the cardiovascular profile and LP in young, trained athletes. Ten male Taekwondo athletes were randomized for three sleep conditions in a counterbalanced order: (i) following a baseline sleep night (BN), (ii) following PSD at the beginning of the night (PSDBN), and (iii) following PSD at the end of the night (PSDEN). Basal cardiovascular physiological measures were recorded, and blood samples were taken in the fasted state following each sleep session (i.e., in the morning at 07:00 h). The results showed that myoglobin and creatine phosphokinase increased significantly after PSDEN but not after PSDBN. By contrast, no alteration was observed in the LP and physiological parameters following the two types of PSD. In conclusion, these results show that PSDEN increases cardiac damage biomarkers significantly, even though they do not reach clinical significance. Thus, one night of PSD does not affect the physiological responses and biomarkers of LP in Taekwondo athletes