Temporal graph-based approach for behavioural entity classification
This work addresses cybersecurity entity classification by improving the characterization of evolving attack and normal behaviors, but it appears incremental, as it builds on existing graph-based methods.
The paper tackles the problem of classifying entities in cybersecurity by converting network classification into a graph-based behavioral task. It uses temporal dissection and clustering to handle evolving behaviors, and proposes deep learning with Graph Convolutional Networks for classification.
Graph-based analyses have gained a lot of relevance in the past years due to their high potential in describing complex systems by detailing the actors involved, their relations and their behaviours. Nevertheless, in scenarios where these aspects evolve over time, it is not easy to extract valuable information or to characterize all the actors correctly. In this study, a two-phased approach for exploiting the potential of graph structures in the cybersecurity domain is presented. The main idea is to convert a network classification problem into a graph-based behavioural one. We extract graph structures that can represent the evolution of both normal and attack entities and apply a temporal dissection approach in order to highlight their micro-dynamics. Further, three clustering techniques are applied to the normal entities in order to aggregate similar behaviours, mitigate the imbalance problem and reduce noisy data. Our approach suggests the implementation of two promising deep learning paradigms for entity classification based on Graph Convolutional Networks.
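The sketch below is an added example, not code from the paper: it shows how flow records can be dissected into per-window graphs so that each entity gets a behavioural feature vector per window, followed by one unweighted GCN-style neighbourhood averaging step. The 60-second window, the flow tuple layout, the three features and all function names are assumptions, since the abstract does not specify them.

```python
from collections import defaultdict

# Constructed flow records (timestamp_s, src, dst, bytes); not data from the paper.
FLOWS = [
    (0, "10.0.0.5", "10.0.0.1", 500), (10, "10.0.0.5", "10.0.0.2", 300),
    (20, "10.0.0.9", "10.0.0.1", 200), (65, "10.0.0.9", "10.0.0.1", 40),
    (70, "10.0.0.9", "10.0.0.2", 40), (75, "10.0.0.9", "10.0.0.3", 40),
    (80, "10.0.0.5", "10.0.0.1", 450),
]

def dissect(flows, window_s):
    """Temporal dissection: one directed graph {src: {dst: bytes}} per window."""
    snaps = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for ts, src, dst, nbytes in flows:
        snaps[ts // window_s][src][dst] += nbytes
    return snaps

def node_features(graph):
    """Per-entity [out_degree, in_degree, bytes_sent] within one snapshot."""
    feats = defaultdict(lambda: [0, 0, 0])
    for src, dsts in graph.items():
        for dst, nbytes in dsts.items():
            feats[src][0] += 1
            feats[src][2] += nbytes
            feats[dst][1] += 1
    return dict(feats)

def gcn_mean_step(graph, feats):
    """One GCN-style propagation with no learned weights: each node's features
    are averaged with its neighbours' (self-loop added, edges made undirected)."""
    nbrs = {n: {n} for n in feats}
    for src, dsts in graph.items():
        for dst in dsts:
            nbrs[src].add(dst)
            nbrs[dst].add(src)
    return {n: [sum(feats[m][i] for m in ns) / len(ns) for i in range(3)]
            for n, ns in nbrs.items()}

def behaviour_timeline(flows, window_s=60):
    """Entity feature vectors per window, exposing window-to-window changes."""
    return {w: node_features(g) for w, g in sorted(dissect(flows, window_s).items())}

if __name__ == "__main__":
    for window, feats in behaviour_timeline(FLOWS).items():
        print(window, feats)
```

In the constructed data, 10.0.0.9 moves from one peer in window 0 to three small flows in window 1, a change that a single aggregate graph over the whole capture would blur.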