Temporal graph-based approach for behavioural entity classification
Francesco Zola, Lander Segurola, Jan Lukas Bruse, Mikel Galar Idoate

TL;DR
This paper introduces a temporal graph-based method for classifying behavioral entities in cybersecurity, transforming network classification into a dynamic graph analysis to better capture evolving behaviors.
Contribution
It presents a novel two-phase approach using temporal graph structures and clustering, along with deep learning models, to improve entity classification in cybersecurity.
Findings
Effective representation of entity evolution over time
Clustering reduces noise and class imbalance
Deep learning models enhance classification accuracy
Abstract
Graph-based analyses have gained a lot of relevance in the past years due to their high potential in describing complex systems by detailing the actors involved, their relations and their behaviours. Nevertheless, in scenarios where these aspects are evolving over time, it is not easy to extract valuable information or to characterize correctly all the actors. In this study, a two phased approach for exploiting the potential of graph structures in the cybersecurity domain is presented. The main idea is to convert a network classification problem into a graph-based behavioural one. We extract these graph structures that can represent the evolution of both normal and attack entities and apply a temporal dissection approach in order to highlight their micro-dynamics. Further, three clustering techniques are applied to the normal entities in order to aggregate similar behaviours, mitigate…
Taxonomy
Methods: Graph Convolutional Networks
