Saved in:
Bibliographic Details
Main Author: Larroche, Corentin
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2504.13527
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908325840420864
author Larroche, Corentin
author_facet Larroche, Corentin
contents Foundation models have recently emerged as a new paradigm in machine learning (ML). These models are pre-trained on large and diverse datasets and can subsequently be applied to various downstream tasks with little or no retraining. This allows people without advanced ML expertise to build ML applications, accelerating innovation across many fields. However, the adoption of foundation models in cybersecurity is hindered by their inability to efficiently process data such as network traffic captures or binary executables. The recent introduction of graph foundation models (GFMs) could make a significant difference, as graphs are well-suited to representing these types of data. We study the usability of GFMs in cybersecurity through the lens of one specific use case, namely lateral movement detection. Using a pre-trained GFM, we build a detector that reaches state-of-the-art performance without requiring any training on domain-specific data. This case study thus provides compelling evidence of the potential of GFMs for cybersecurity.
format Preprint
id arxiv_https___arxiv_org_abs_2504_13527
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Designing a reliable lateral movement detector using a graph foundation model
Larroche, Corentin
Cryptography and Security
Machine Learning
Foundation models have recently emerged as a new paradigm in machine learning (ML). These models are pre-trained on large and diverse datasets and can subsequently be applied to various downstream tasks with little or no retraining. This allows people without advanced ML expertise to build ML applications, accelerating innovation across many fields. However, the adoption of foundation models in cybersecurity is hindered by their inability to efficiently process data such as network traffic captures or binary executables. The recent introduction of graph foundation models (GFMs) could make a significant difference, as graphs are well-suited to representing these types of data. We study the usability of GFMs in cybersecurity through the lens of one specific use case, namely lateral movement detection. Using a pre-trained GFM, we build a detector that reaches state-of-the-art performance without requiring any training on domain-specific data. This case study thus provides compelling evidence of the potential of GFMs for cybersecurity.
title Designing a reliable lateral movement detector using a graph foundation model
topic Cryptography and Security
Machine Learning
url https://arxiv.org/abs/2504.13527