Graph-Based Attack Path Discovery for Network Security
Main Authors: | |
---|---|
Format: | Conference Proceeding |
Language: | English |
Summary: | Enterprise network systems are confronted with an escalating threat landscape, requiring timely and effective attack detection to mitigate the risk of financial loss and system damage. However, existing algorithms mostly rely on machine learning techniques or attack knowledge bases. They struggle with the large volumes of noisy network logs found in enterprises, as well as with the emergence of unknown cyber attacks. Moreover, previous research has predominantly focused on anomaly detection over raw network traffic captures, with limited exploration of attack path prioritization. To address these challenges, this paper introduces a novel algorithm for attack path detection and prioritization in network systems. Our approach gathers comprehensive asset information and network logs from multiple Network Intrusion Detection Systems (NIDSs). Through data processing and collation, the network data undergoes significant noise reduction and is transformed into a network communication graph. Subsequently, a Graph Neural Network (GNN) based anomaly detection algorithm is employed to extract and prioritize potential attack paths on the graph. This methodology leverages unsupervised Machine Learning (ML) techniques and operates independently of prior attack databases. By incorporating path mining techniques, our algorithm provides visibility into the identified attack propagation chains and the sequence of assets involved, which offers more valuable information than the repetitive atomic network traffic alerts from NIDSs. The algorithm is evaluated using the UNSW-NB15 dataset and proven to be effective and accurate across comprehensive experimental settings. |
ISSN: | 2768-0029 |
DOI: | 10.1109/CSNet59123.2023.10339775 |