STEP: Spatial-Temporal Network Security Event Prediction
This work addresses network security for operators by improving event prediction, but it is incremental as it builds on existing methods by adding spatial analysis.
The paper tackles network security event prediction by combining spatial and temporal characteristics, proposing the STEP model which uses graph convolution and LSTM to capture these features. Experimental results show STEP achieves higher prediction accuracy than benchmarks like LSTM and ConvLSTM on two public datasets.
Network security events prediction helps network operators to take response strategies from a proactive perspective, and reduce the cost caused by network attacks, which is of great significance for maintaining the security of the entire network. Most of the existing event prediction methods rely on temporal characteristics and are dedicated to exploring time series predictions, but ignoring the spatial relationship between hosts. This paper combines the temporal and spatial characteristics of security events and proposes a spatial-temporal event prediction model, named STEP. In particular, STEP formulates the security events prediction into a spatial-temporal sequence prediction. STEP utilizes graph convolution operation to capture the spatial characteristics of hosts in the network, and adopts the long short term memory (LSTM) to capture the dynamic temporal dependency of events. This paper verifies the proposed STEP scheme on two public data sets. The experimental results show that the prediction accuracy of security events under STEP is higher than that of benchmark models such as LSTM, ConvLSTM. Besides, STEP achieves high prediction accuracy when we predict events from different lengths of sequence.