One-Class Order Embedding for Dependency Relation Prediction

Chiang, Meng-Fen; Lim, Ee-Peng; Lee, Wang-Chien; Ashok, Xavier Jayaraj Siddarth; Prasetyo, Philips Kokoh

doi:10.1145/3331184.3331249

Cited by 4 publications

(1 citation statement)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In our method, we employ a subgraph embedding function that effectively addresses both issues. For this, we utilize the notion of order embedding, which aims to encode the ordering properties among entities into target representation space [2,9,69,70]. Order embeddings specifically model hierarchical relations with anti-symmetry and partial-order transitivity, which are inherent to subgraph relationships.…”

Section: Problem Formulationmentioning

confidence: 99%

ProvG-Searcher: A Graph Representation Learning Approach for Efficient Provenance Graph Search

Altinisik,

Deniz,

Sencar

2023

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

We present ProvG-Searcher, a novel approach for detecting known APT behaviors within system security logs. Our approach leverages provenance graphs, a comprehensive graph representation of event logs, to capture and depict data provenance relations by mapping system entities as nodes and their interactions as edges. We formulate the task of searching provenance graphs as a subgraph matching problem and employ a graph representation learning method. The central component of our search methodology involves embedding of subgraphs in a vector space where subgraph relationships can be directly evaluated. We achieve this through the use of order embeddings that simplify subgraph matching to straightforward comparisons between a query and precomputed subgraph representations. To address challenges posed by the size and complexity of provenance graphs, we propose a graph partitioning scheme and a behavior-preserving graph reduction method. Overall, our technique offers significant computational efficiency, allowing most of the search computation to be performed offline while incorporating a lightweight comparison step during query execution. Experimental results on standard datasets demonstrate that ProvG-Searcher achieves superior performance, with an accuracy exceeding 99% in detecting query behaviors and a false positive rate of approximately 0.02%, outperforming other approaches. CCS CONCEPTS• Security and privacy → Intrusion detection systems; Systems security; Intrusion/anomaly detection and malware mitigation.

show abstract

Section: Problem Formulationmentioning

confidence: 99%