Use of Graph Neural Networks in Aiding Defensive Cyber Operations
This work addresses cyber defense for organizations by proposing a modern ML approach, but it appears incremental as it discusses applications without presenting new experimental results or benchmarks.
The paper tackles the problem of defending against rapidly evolving cyber-attacks by applying Graph Neural Networks (GNNs) to break each stage of the Lockheed Martin Cyber Kill Chain, aiming to enhance defensive measures through processing heterogeneous cyber threat data.
In an increasingly interconnected world, where information is the lifeblood of modern society, regular cyber-attacks sabotage the confidentiality, integrity, and availability of digital systems and information. Additionally, cyber-attacks differ depending on the objective and evolve rapidly to disguise defensive systems. However, a typical cyber-attack demonstrates a series of stages from attack initiation to final resolution, called an attack life cycle. These diverse characteristics and the relentless evolution of cyber attacks have led cyber defense to adopt modern approaches like Machine Learning to bolster defensive measures and break the attack life cycle. Among the adopted ML approaches, Graph Neural Networks have emerged as a promising approach for enhancing the effectiveness of defensive measures due to their ability to process and learn from heterogeneous cyber threat data. In this paper, we look into the application of GNNs in aiding to break each stage of one of the most renowned attack life cycles, the Lockheed Martin Cyber Kill Chain. We address each phase of CKC and discuss how GNNs contribute to preparing and preventing an attack from a defensive standpoint. Furthermore, We also discuss open research areas and further improvement scopes.