TY - GEN
T1 - Heterogeneous Graph Transformer for Advanced Persistent Threat Classification in Wireless Networks
AU - Saheed, Kazeem
AU - Henna, Shagufta
N1 - Publisher Copyright: © 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Advanced Persistent Threats (APTs) have significantly impacted organizations over an extended period with their coordinated and sophisticated cyberattacks. Unlike signature-based tools such as antivirus and firewalls that can detect and block other types of malware, APTs exploit zero-day vulnerabilities to generate new variants of undetectable malware. Additionally, APT adversaries engage in complex relationships and interactions within network entities, necessitating the learning of interactions in network traffic flows, such as hosts, users, or IP addresses, for effective detection. However, traditional deep neural networks often fail to capture the inherent graph structure and overlook crucial contextual information in network traffic flows. To address these issues, this research models APTs as heterogeneous graphs, capturing the diverse features and complex interactions in network flows. Consequently, a heterogeneous graph transformer (HGT) model is used to accurately distinguish between benign and malicious network connections. Experimental results reveal that the HGT model achieves better performance, with 100% accuracy and accelerated learning time, outperforming homogeneous graph neural network models.
AB - Advanced Persistent Threats (APTs) have significantly impacted organizations over an extended period with their coordinated and sophisticated cyberattacks. Unlike signature-based tools such as antivirus and firewalls that can detect and block other types of malware, APTs exploit zero-day vulnerabilities to generate new variants of undetectable malware. Additionally, APT adversaries engage in complex relationships and interactions within network entities, necessitating the learning of interactions in network traffic flows, such as hosts, users, or IP addresses, for effective detection. However, traditional deep neural networks often fail to capture the inherent graph structure and overlook crucial contextual information in network traffic flows. To address these issues, this research models APTs as heterogeneous graphs, capturing the diverse features and complex interactions in network flows. Consequently, a heterogeneous graph transformer (HGT) model is used to accurately distinguish between benign and malicious network connections. Experimental results reveal that the HGT model achieves better performance, with 100% accuracy and accelerated learning time, outperforming homogeneous graph neural network models.
KW - Deep learning for APTs
KW - Graph neural networks for cybersecurity
KW - heterogeneous graphs
KW - signature-based
KW - zero-day vulnerabilities
UR - http://www.scopus.com/inward/record.url?scp=85180375978&partnerID=8YFLogxK
U2 - 10.1109/NFV-SDN59219.2023.10329745
DO - 10.1109/NFV-SDN59219.2023.10329745
M3 - Conference contribution
AN - SCOPUS:85180375978
T3 - 2023 IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2023 - Proceedings
SP - 15
EP - 20
BT - 2023 IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2023 - Proceedings
A2 - Fitzek, Frank H.P.
A2 - Horner, Larry
A2 - Gharbaoui, Molka
A2 - Nguyen, Giang
A2 - Gu, Rentao
A2 - Meuser, Tobias
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2023 IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2023
Y2 - 7 November 2023 through 9 November 2023
ER -