Practical Cyber Attack Detection With Continuous Temporal Graph in Dynamic Network System

Page view(s)
21
Checked on Jul 11, 2024
Practical Cyber Attack Detection With Continuous Temporal Graph in Dynamic Network System
Title:
Practical Cyber Attack Detection With Continuous Temporal Graph in Dynamic Network System
Journal Title:
IEEE Transactions on Information Forensics and Security
Keywords:
Publication Date:
09 April 2024
Citation:
Duan, G., Lv, H., Wang, H., Feng, G., & Li, X. (2024). Practical Cyber Attack Detection With Continuous Temporal Graph in Dynamic Network System. IEEE Transactions on Information Forensics and Security, 19, 4851–4864. https://doi.org/10.1109/tifs.2024.3385321
Abstract:
Deep learning (DL) greatly enhances cyber anomaly detection capabilities through effective statistical network characteristic. However, previous methods have not fully addressed two real-world scenario-driven challenges. 1) Frequent node access and disconnection sourced from free-bounded 5G/B5G cyberspace introduce unfamiliar communication behavior patterns, reducing the detection ability of the pre-trained DL model. 2) Low-frequency or sporadic communication behaviors lack stable patterns, posing a challenge for existing AI-driven models, including DL-based detection methods. To address these issues, we propose a cyber anomaly detection framework based on Continuous Temporal Graph (CTG) neural network from a new interaction-centered perspective. The proposed framework refines the concrete information interaction between network entities into the CTG evolution process, thereby naturally incorporating new node access behaviors into feature extraction on CTG neural network. We furthermore present a message aggregation scheme on CTG with fusion of spatio-temporal neighborhood, the actual time distribution and the historical state, thus transforming communication into a more stable pattern for the learning of low-frequency interactions. Extensive experiments on 4 novel datasets, including ToN-IoT, UNSWNB15, CIC-Dark2020, J.P. Morgan payment, demonstrate that our approach outperforms state-of-the-art methods, particularly in detecting new access and low-frequency behaviors.
License type:
Publisher Copyright
Funding Info:
The research was supported by the National Natural Science Foundation of China (no.62272126), the Fundamental Research Funds for the Central Universities. Special Project for Industrial Foundation Reconstruction and High Quality Development of Manufacturing Industry by the Ministry of Industry and Information Technology (no.TC220A04X-1).
Description:
© 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
ISSN:
1556-6021
1556-6013
Files uploaded:

File Size Format Action
practical-cyber-attack-detection-with-continuous-temporal-graph-in-dynamic-network-system.pdf 5.91 MB PDF Request a copy