32 matches found
Filter-Then-Verify: A Multiphase GNN and ModernBERT Framework for Social Engineering Detection in Email Networks
Social engineering attacks exploit human trust rather than software vulnerabilities, making them difficult to detect using conventional filters. We propose a two-stage filter-then-verify framework combining inductive Graph Neural Networks GNNs for structural anomaly detection with a co-attention...
Graph Neural Network-Based DDoS Protection for Data Center Infrastructure
In light of rising cybersecurity threats, data center providers face growing pressure to protect their own management infrastructure from Distributed Denial-of-Service DDoS attacks. While tenant-managed cages generally fall outside the data center's direct security purview, a successful DDoS...
Learning the APT Kill Chain: Temporal Reasoning over Provenance Data for Attack Stage Estimation
Advanced Persistent Threats APTs evolve through multiple stages, each exhibiting distinct temporal and structural behaviors. Accurate stage estimation is critical for enabling adaptive cyber defense. This paper presents StageFinder, a temporal graph learning framework for multi-stage attack...
Optimal Transport-Guided Adversarial Attacks on Graph Neural Network-Based Bot Detection
The rise of bot accounts on social media poses significant risks to public discourse. To address this threat, modern bot detectors increasingly rely on Graph Neural Networks GNNs. However, the effectiveness of these GNN-based detectors in real-world settings remains poorly understood. In practice...
PROVEX: Enhancing SOC Analyst Trust with Explainable Provenance-Based IDS
Modern intrusion detection systems IDS leverage graph neural networks GNNs to detect malicious activity in system provenance data, but their decisions often remain a black box to analysts. This paper presents a comprehensive XAI framework designed to bridge the trust gap in Security Operations...
Beyond Detection: A Comprehensive Benchmark and Study on Representation Learning for Fine-Grained Webshell Family Classification
Malicious WebShells pose a significant and evolving threat by compromising critical digital infrastructures and endangering public services in sectors such as healthcare and finance. While the research community has made significant progress in WebShell detection i.e., distinguishing malicious...
A Research and Development Portfolio of GNN Centric Malware Detection, Explainability, and Dataset Curation
Graph Neural Networks GNNs have become an effective tool for malware detection by capturing program execution through graph-structured representations. However, important challenges remain regarding scalability, interpretability, and the availability of reliable datasets. This paper brings togeth...
GRAPHTEXTACK: A Realistic Black-Box Node Injection Attack on LLM-Enhanced GNNs
Text-attributed graphs TAGs, which combine structural and textual node information, are ubiquitous across many domains. Recent work integrates Large Language Models LLMs with Graph Neural Networks GNNs to jointly model semantics and structure, resulting in more general and expressive models that...
GraphFaaS: Serverless GNN Inference for Burst-Resilient, Real-Time Intrusion Detection
Provenance-based intrusion detection is an increasingly popular application of graphical machine learning in cybersecurity, where system activities are modeled as provenance graphs to capture causality and correlations among potentially malicious actions. Graph Neural Networks GNNs have...
A Survey of Heterogeneous Graph Neural Networks for Cybersecurity Anomaly Detection
Anomaly detection is a critical task in cybersecurity, where identifying insider threats, access violations, and coordinated attacks is essential for ensuring system resilience. Graph-based approaches have become increasingly important for modeling entity interactions, yet most rely on homogeneou...
Attention Augmented GNN RNN-Attention Models for Advanced Cybersecurity Intrusion Detection
In this paper, we propose a novel hybrid deep learning architecture that synergistically combines Graph Neural Networks GNNs, Recurrent Neural Networks RNNs, and multi-head attention mechanisms to significantly enhance cybersecurity intrusion detection capabilities. By leveraging the comprehensiv...
PromoGuardian: Detecting Promotion Abuse Fraud with Multi-Relation Fused Graph Neural Networks
As e-commerce platforms develop, fraudulent activities are increasingly emerging, posing significant threats to the security and stability of these platforms. Promotion abuse is one of the fastest-growing types of fraud in recent years and is characterized by users exploiting promotional activiti...
A Graph-Attentive LSTM Model for Malicious URL Detection
Malicious URLs pose significant security risks as they facilitate phishing attacks, distribute malware, and empower attackers to deface websites. Blacklist detection methods fail to identify new or obfuscated URLs because they depend on pre-existing patterns. This work presents a hybrid deep...
GNN-Enhanced Traffic Anomaly Detection for Next-Generation SDN-Enabled Consumer Electronics
Consumer electronics CE connected to the Internet of Things are susceptible to various attacks, including DDoS and web-based threats, which can compromise their functionality and facilitate remote hijacking. These vulnerabilities allow attackers to exploit CE for broader system attacks while...
NatGVD: Natural Adversarial Example Attack Towards Graph-Based Vulnerability Detection
Graph-based models learn rich code graph structural information and present superior performance on various code analysis tasks. However, the robustness of these models against adversarial example attacks in the context of vulnerability detection remains an open question. This paper proposes...
Anomaly Detection in Industrial Control Systems Based on Cross-Domain Representation Learning
Industrial control systems ICSs are widely used in industry, and their security and stability are very important. Once the ICS is attacked, it may cause serious damage. Therefore, it is very important to detect anomalies in ICSs. ICS can monitor and manage physical devices remotely using...
Explainable Ensemble Learning for Graph-Based Malware Detection
Malware detection in modern computing environments demands models that are not only accurate but also interpretable and robust to evasive techniques. Graph neural networks GNNs have shown promise in this domain by modeling rich structural dependencies in graph-based program representations such a...
ProvX: Generating Counterfactual-Driven Attack Explanations for Provenance-Based Detection
Provenance graph-based intrusion detection systems are deployed on hosts to defend against increasingly severe Advanced Persistent Threat. Using Graph Neural Networks to detect these threats has become a research focus and has demonstrated exceptional performance. However, the widespread adoption...
Privacy Risk Predictions Based on Fundamental Understanding of Personal Data and an Evolving Threat Landscape
It is difficult for individuals and organizations to protect personal information without a fundamental understanding of relative privacy risks. By analyzing over 5,000 empirical identity theft and fraud cases, this research identifies which types of personal data are exposed, how frequently...
Poster: Enhancing GNN Robustness for Network Intrusion Detection Via Agent-Based Analysis
Graph Neural Networks GNNs show great promise for Network Intrusion Detection Systems NIDS, particularly in IoT environments, but suffer performance degradation due to distribution drift and lack robustness against realistic adversarial attacks. Current robustness evaluations often rely on...