Saved in:
Bibliographic Details
Main Authors: Mandlik, Simon, Pevny, Tomas, Smidl, Vaclav, Bajer, Lukas
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2408.03287
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909280813187072
author Mandlik, Simon
Pevny, Tomas
Smidl, Vaclav
Bajer, Lukas
author_facet Mandlik, Simon
Pevny, Tomas
Smidl, Vaclav
Bajer, Lukas
contents Detection of malicious behavior in a large network is a challenging problem for machine learning in computer security, since it requires a model with high expressive power and scalable inference. Existing solutions struggle to achieve this feat -- current cybersec-tailored approaches are still limited in expressivity, and methods successful in other domains do not scale well for large volumes of data, rendering frequent retraining impossible. This work proposes a new perspective for learning from graph data that is modeling network entity interactions as a large heterogeneous graph. High expressivity of the method is achieved with neural network architecture HMILnet that naturally models this type of data and provides theoretical guarantees. The scalability is achieved by pursuing local graph inference, i.e., classifying individual vertices and their neighborhood as independent samples. Our experiments exhibit improvement over the state-of-the-art Probabilistic Threat Propagation (PTP) algorithm, show a further threefold accuracy improvement when additional data is used, which is not possible with the PTP algorithm, and demonstrate the generalization capabilities of the method to new, previously unseen entities.
format Preprint
id arxiv_https___arxiv_org_abs_2408_03287
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Malicious Internet Entity Detection Using Local Graph Inference
Mandlik, Simon
Pevny, Tomas
Smidl, Vaclav
Bajer, Lukas
Machine Learning
Cryptography and Security
Detection of malicious behavior in a large network is a challenging problem for machine learning in computer security, since it requires a model with high expressive power and scalable inference. Existing solutions struggle to achieve this feat -- current cybersec-tailored approaches are still limited in expressivity, and methods successful in other domains do not scale well for large volumes of data, rendering frequent retraining impossible. This work proposes a new perspective for learning from graph data that is modeling network entity interactions as a large heterogeneous graph. High expressivity of the method is achieved with neural network architecture HMILnet that naturally models this type of data and provides theoretical guarantees. The scalability is achieved by pursuing local graph inference, i.e., classifying individual vertices and their neighborhood as independent samples. Our experiments exhibit improvement over the state-of-the-art Probabilistic Threat Propagation (PTP) algorithm, show a further threefold accuracy improvement when additional data is used, which is not possible with the PTP algorithm, and demonstrate the generalization capabilities of the method to new, previously unseen entities.
title Malicious Internet Entity Detection Using Local Graph Inference
topic Machine Learning
Cryptography and Security
url https://arxiv.org/abs/2408.03287