Detecting Anomalous Network Communication Patterns Using Graph Convolutional Networks
CoRR(2023)
摘要
To protect an organizations' endpoints from sophisticated cyberattacks,
advanced detection methods are required. In this research, we present
GCNetOmaly: a graph convolutional network (GCN)-based variational autoencoder
(VAE) anomaly detector trained on data that include connection events among
internal and external machines. As input, the proposed GCN-based VAE model
receives two matrices: (i) the normalized adjacency matrix, which represents
the connections among the machines, and (ii) the feature matrix, which includes
various features (demographic, statistical, process-related, and Node2vec
structural features) that are used to profile the individual nodes/machines.
After training the model on data collected for a predefined time window, the
model is applied on the same data; the reconstruction score obtained by the
model for a given machine then serves as the machine's anomaly score.
GCNetOmaly was evaluated on real, large-scale data logged by Carbon Black EDR
from a large financial organization's automated teller machines (ATMs) as well
as communication with Active Directory (AD) servers in two setups: unsupervised
and supervised. The results of our evaluation demonstrate GCNetOmaly's
effectiveness in detecting anomalous behavior of machines on unsupervised data.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要