Graph-Based Attack Path Discovery for Network Security

Bibliographic Details
Published in: 2023 7th Cyber Security in Networking Conference (CSNet), pp. 178-184
Main Authors: Meng, Qiaoran, Wang, Huilin, Oo, Nay, Lim, Hoon Wei, Johannes Schatz, Benedikt, Sikdar, Biplab
Format: Conference Proceeding
Language: English
Published: IEEE 16-10-2023
Description
Summary: Enterprise network systems are confronted with an escalating threat landscape, requiring timely and effective attack detection and mitigation of the risk of potential financial losses and system damages. However, existing algorithms mostly rely on machine learning techniques or attack knowledge bases. They face challenges dealing with the large volumes of noisy network logs in enterprises, as well as the emergence of unknown cyber attacks. Moreover, previous research has predominantly focused on anomaly detection using raw network traffic capture, with limited exploration of attack path prioritization. To address these challenges, this paper introduces a novel algorithm for attack path detection and prioritization in network systems. Our approach gathers comprehensive asset information and network logs from multiple Network Intrusion Detection Systems (NIDSs). Through data processing and collation, the network data undergoes significant noise reduction and transformation into a network communication graph format. Subsequently, a Graph Neural Network (GNN) based anomaly detection algorithm is employed to extract and prioritize potential attack paths on the graph. This methodology leverages the power of unsupervised Machine Learning (ML) techniques and operates independently of prior attack databases. Incorporating path mining techniques, our algorithm provides visibility into the identified attack propagation chains and the sequence of assets involved, which offers more valuable information compared to the repetitive atomic network traffic data from NIDSs. The algorithm is evaluated using the UNSW-NB15 dataset and proven to be effective and accurate with comprehensive experiment settings.
ISSN: 2768-0029
DOI: 10.1109/CSNet59123.2023.10339775