Abstract
Unknown threats have caused severe damage in critical infrastructures. To solve this issue, the graph-based methods have been proposed because of their ability for learning complex interaction patterns of network entities with discrete graph snapshots. However, such methods are challenged by the computer networking model characterized by the natural continuous-time dynamic heterogeneous graph (CDHG). In this paper, we propose a CDHG-based graph neural network model, namely, CDHGN, for unknown threat detection. It first constructs the CDHG using interaction relationships among network entities extracted from various log records. Then, it trains the detection model based on a heterogeneous attention network and performs streaming detection for live online network events. We implement a prototype and conduct extensive experiments on a comprehensive cybersecurity dataset with more than nine million records. Experimental result shows that the proposed method can achieve superior detection performance than the state-of-the-art methods.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
