Machine learning on knowledge graphs for context-aware security monitoring

Garrido, Josep Soler; Dold, Dominik; Frank, Johannes

doi:10.1109/csr51186.2021.9527927

Cited by 16 publications

(9 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Josep Soler Garrido et al [6] proposed to use relational learning on knowledge graphs to ensure security monitoring and accomplish intrusion detection. They apply ML techniques on knowledge graphs to detect unexpected activity in industrial automation systems.…”

Section: Related Workmentioning

confidence: 99%

Efficient Network Representation for GNN-Based Intrusion Detection

Friji

Olivereau

Sarkiss

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The last decades have seen a growth in the number of cyberattacks with severe economic and privacy damages, which reveals the need for network intrusion detection approaches to assist in preventing cyber-attacks and reducing their risks. In this work, we propose a novel network representation as a graph of flows that aims to provide relevant topological information for the intrusion detection task, such as malicious behavior patterns, the relation between phases of multi-step attacks, and the relation between spoofed and pre-spoofed attackers' activities. In addition, we present a Graph Neural Network (GNN) based-framework responsible for exploiting the proposed graph structure to classify communication flows by assigning them a maliciousness score. The framework comprises three main steps that aim to embed nodes' features and learn relevant attack patterns from the network representation. Finally, we highlight a potential data leakage issue with classical evaluation procedures and suggest a solution to ensure a reliable validation of intrusion detection systems' performance. We implement the proposed framework and prove that exploiting the flow-based graph structure outperforms the classical machine learning-based and the previous GNN-based solutions.

show abstract

Section: Related Workmentioning

confidence: 99%

Efficient Network Representation for GNN-Based Intrusion Detection

Friji

Olivereau

Sarkiss

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Data structure processing, malicious behavior KG creation, behavior reasoning, and feedback are all handled by the network security knowledge base. In 2021, Garrido et al [100] applied a machine learning method to KGs to identify unusual behaviors in industrial automation systems integrating IT and OT elements. Using a readily available ontology [103], this study builds a KG by combining three major sources of knowledge: automation system information, application-level observations (e.g., data access events), and network observations (e.g., connections between hosts).…”

Section: Intrusion Detectionmentioning

confidence: 99%

“…The method closes a key gap and offers up a variety of data sources for KG construction by making the log data suitable for semantic analysis. As mentioned earlier in Section 4.2, Garrido et al [100] proposed the application of machine learning on KGs to increase the utility of the IDS-generated alerts for human operators by improving their quality and relevance in modern industrial systems.…”

Section: Security Alert or Event Correlation Analysismentioning

confidence: 99%

“…Despite the various traditional network architectures, it is also important to research the security of industrial control systems with a suitable experimental network. In the research of [100], a hardware prototype was described for evaluation based on the architecture of current industrial systems merging IT and OT aspects. A Siemens S7-1500 PLC is used for the automation side, and it is linked to peripherals through an industrial network.…”

Section: Connection To the Physical Systemmentioning

confidence: 99%

See 1 more Smart Citation

Recent Progress of Using Knowledge Graph for Cybersecurity

et al. 2022

View full text Add to dashboard Cite

In today’s dynamic complex cyber environments, Cyber Threat Intelligence (CTI) and the risk of cyberattacks are both increasing. This means that organizations need to have a strong understanding of both their internal CTI and their external CTI. The potential for cybersecurity knowledge graphs is evident in their ability to aggregate and represent knowledge about cyber threats, as well as their ability to manage and reason with that knowledge. While most existing research has focused on how to create a full knowledge graph, how to utilize the knowledge graph to tackle real-world industrial difficulties in cyberattack and defense situations is still unclear. In this article, we give a quick overview of the cybersecurity knowledge graph’s core concepts, schema, and building methodologies. We also give a relevant dataset review and open-source frameworks on the information extraction and knowledge creation job to aid future studies on cybersecurity knowledge graphs. We perform a comparative assessment of the many works that expound on the recent advances in the application scenarios of cybersecurity knowledge graph in the majority of this paper. In addition, a new comprehensive classification system is developed to define the linked works from 9 core categories and 18 subcategories. Finally, based on the analyses of existing research issues, we have a detailed overview of various possible research directions.

show abstract

“…Sakthivel et al [29] employed a Recursive Neural Network (RNN) algorithm to monitor and prevent the cyber system from cyberattacks in a manufacturing company. Garrido et al [30] adopted a graph learning algorithm to detect intrusion, score anomalous activities and monitor security in industrial automation systems. These applications give the construction industry useful insights into how to create a monitoring system to identify any threat or vulnerability in real-time and simultaneously calculate the risk, based on which an action can be automatically elicited.…”

Section: Machine Learning In Risk Managementmentioning

confidence: 99%

A preliminary SWOT evaluation for the applications of ML to Cyber Risk Analysis in the Construction Industry

Yao

Soto

2022

IOP Conf. Ser.: Mater. Sci. Eng.

View full text Add to dashboard Cite

Construction 4.0 is driving construction towards a data-centered industry. Construction firms manage significant amounts of valuable digital information, making them the target of cyberattacks, which not only compromise stored information but could cause severe harm to cyber-physical systems, personnel, and products. Therefore, it is critical to conduct cyber risk analyses to manage construction information assets to ensure their confidentiality, integrity, and availability. Traditional risk analysis methodologies like Fault Tree Analysis have limitations in dealing with the rapidly evolving cyber risks. As an alternative, Machine Learning (ML) methods are finding their way into the risk analysis field. ML models developed for cybersecurity purposes can learn from past results to make reliable predictions while removing the laboriousness of the traditional risk analysis. This article reviews ML techniques used for cyber risk analysis in different industries in recent years. Based on that, we investigate how ML techniques could be used for cyber risk analysis. Afterward, a SWOT analysis is conducted to identify the Strengths, Weaknesses, Opportunities, and Threats regarding the applications of ML in cyber risk analysis in the construction industry, and recommendations to address the weaknesses and threats are presented. Finally, future research areas using ML to prevent cyberattacks in the construction industry are proposed.

show abstract

Machine learning on knowledge graphs for context-aware security monitoring

Cited by 16 publications

References 24 publications

Efficient Network Representation for GNN-Based Intrusion Detection

Efficient Network Representation for GNN-Based Intrusion Detection

Recent Progress of Using Knowledge Graph for Cybersecurity

A preliminary SWOT evaluation for the applications of ML to Cyber Risk Analysis in the Construction Industry

Contact Info

Product

Resources

About