LG CR ML · Jan 26, 2025

Improving Network Threat Detection by Knowledge Graph, Large Language Model, and Imbalanced Learning

arXiv:2501.16393v21 citations · h-index: 2
Originality: Incremental advance
AI Analysis

This addresses network security challenges for organizations, though it appears incremental as it builds on existing analytics and AI methods.

The paper tackles network threat detection by proposing an integrated framework combining knowledge graphs, large language models, and imbalanced learning to analyze user activity patterns, resulting in a 3%-4% improvement in threat capture rate and increased interpretability of risk predictions.

Network threat detection has been challenging due to the complexity of attack activities and the limited historical threat data to learn from. To help enhance the existing practices of using analytics, machine learning, and artificial intelligence methods to detect network threats, we propose an integrated modelling framework in which a Knowledge Graph is used to analyze the users' activity patterns, Imbalanced Learning techniques are used to prune and weigh the Knowledge Graph, and an LLM is used to retrieve and interpret the users' activities from the Knowledge Graph. The proposed framework is applied to Agile Threat Detection through Online Sequential Learning. The preliminary results show a 3%-4% improvement in threat capture rate and increased interpretability of risk predictions based on the users' activities.
