Using Graph Representation in Host-Based Intrusion Detection

Hu, Zhichao; Liu, Likun; Yu, Haining; Yu, Xiangzhan

doi:10.1155/2021/6291276

Cited by 3 publications

(3 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Random walks have been successfully applied to a large range of domains such as recommender systems and computer vision [18]. Despite the current success of recent GNNs, random walks are still used in recent graph-based intrusion detection works [19], [20], [21], [22]. Indeed, these algorithms demonstrate strong capabilities at capturing graph information and node co-occurrence relations while using self-supervised embedding techniques, namely the graph structure and features are used as the label for the predictive task.…”

Section: B Random Walk-based Learningmentioning

confidence: 99%

“…graph. In reference [20], a random walk-based approach is proposed to detect host intrusions from system call traces. The graph is built from a sequence of system calls captured from local computers, where a node represents a syscall and the sequential relation between two syscalls is an edge.…”

Section: Table 3 State-of-the-art Papers For Host-based Intrusion Det...mentioning

confidence: 99%

See 1 more Smart Citation

Graph Neural Networks for Intrusion Detection: A Survey

Bilot

Madhoun

Agha³

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Cyberattacks represent an ever-growing threat that has become a real priority for most organizations. Attackers use sophisticated attack scenarios to deceive defense systems in order to access private data or cause harm. Machine Learning (ML) and Deep Learning (DL) have demonstrate impressive results for detecting cyberattacks due to their ability to learn generalizable patterns from flat data. However, flat data fail to capture the structural behavior of attacks, which is essential for effective detection. Contrarily, graph structures provide a more robust and abstract view of a system that is difficult for attackers to evade. Recently, Graph Neural Networks (GNNs) have become successful in learning useful representations from the semantic provided by graph-structured data. Intrusions have been detected for years using graphs such as network flow graphs or provenance graphs, and learning representations from these structures can help models understand the structural patterns of attacks, in addition to traditional features. In this survey, we focus on the applications of graph representation learning to the detection of network-based and hostbased intrusions, with special attention to GNN methods. For both network and host levels, we present the graph data structures that can be leveraged and we comprehensively review the state-of-the-art papers along with the used datasets. Our analysis reveals that GNNs are particularly efficient in cybersecurity, since they can learn effective representations without requiring any external domain knowledge. We also evaluate the robustness of these techniques based on adversarial attacks. Finally, we discuss the strengths and weaknesses of GNN-based intrusion detection and identify future research directions.INDEX TERMS Cyberattacks, cybersecurity, deep learning (DL), graph neural networks (GNNs), intrusion detection (IDS), machine learning (ML).

show abstract

Section: B Random Walk-based Learningmentioning

confidence: 99%

Section: Table 3 State-of-the-art Papers For Host-based Intrusion Det...mentioning

confidence: 99%

Graph Neural Networks for Intrusion Detection: A Survey

Bilot

Madhoun

Agha³

et al. 2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Recent research has focused on using system calls as a basis for intrusion detection, with an increasing number of papers exploring this approach. System calls provide the raw source of information about what the applications are doing in the system and they allow us to predict the maliciousness of the application itself [8][9][10]. An operating system API function call (or a system call) is a programmatic way to request the operating system to perform an activity.…”

Section: Introductionmentioning

confidence: 99%

Risk-Based System-Call Sequence Grouping Method for Malware Intrusion Detection

Vyšniūnas,

Čeponis,

Goranin

et al. 2024

Electronics

View full text Add to dashboard Cite

Malware intrusion is a serious threat to cybersecurity; that is why new and innovative methods are constantly being developed to detect and prevent it. This research focuses on malware intrusion detection through the usage of system calls and machine learning. An effective and clearly described system-call grouping method could increase the various metrics of machine learning methods, thereby improving the malware detection rate in host-based intrusion-detection systems. In this article, a risk-based system-call sequence grouping method is proposed that assigns riskiness values from low to high based on function risk value. The application of the newly proposed grouping method improved classification accuracy by 23.4% and 7.6% with the SVM and DT methods, respectively, compared to previous results obtained on the same methods and data. The results suggest the use of lightweight machine learning methods for malware attack can ensure detection accuracy comparable to deep learning methods.

show abstract