Simplicial complexes in network intrusion profiling
Mandala von Westenholz, Martin Atzmueller, Tim Römer

TL;DR
This paper introduces a novel method using simplicial complexes to model network intrusion data, enhancing detection and characterization of attacks compared to traditional graph-based approaches.
Contribution
The paper proposes a new approach employing simplicial complexes for intrusion detection, generalizing previous graph methods and providing richer features for identifying attacks.
Findings
Adapted centrality measures on the simplicial complex yield per-vertex patterns (sets of features) that describe attacked and attacker vertices.
The simplicial model captures higher-order structure (simplices beyond single edges) that a plain graph cannot express.
Compared with classical graph-based concepts, the paper reports advantages of the simplicial features for characterizing attacks.
Abstract
To study intrusion detection data, we consider data points referring to individual IP addresses and their connections: we build networks from those data points such that the vertices of the graph correspond to the respective IP addresses, with the key property that attacked data points are part of the network structure. More precisely, we propose a novel approach using simplicial complexes to model the desired network and the respective intrusions in terms of simplicial attributes, thus generalizing previous graph-based approaches. Adapted network centrality measures related to simplicial complexes yield so-called patterns associated with vertices, which themselves contain a set of features. These are then used to describe the attacked or the attacker vertices, respectively. Comparing this new strategy with classical concepts demonstrates the advantages of the…
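The following is an added illustration of the pipeline the abstract sketches (connection records to a vertex-per-IP graph, graph to simplicial complex, per-vertex centrality-style features as a "pattern"). It is not code from the paper. The page does not say how the authors build their complex, so this example assumes the clique (flag) complex of the connection graph, uses simplicial degree per dimension as the adapted centrality, and adds a deliberately simple "star-like" heuristic that is an assumption of this example, not the paper's classifier. The flow records are constructed for the demonstration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample of connection records (src_ip, dst_ip); not data from the paper.
# 10.0.0.1-10.0.0.4 talk to each other pairwise (a 4-clique), 10.0.0.5 talks to two of
# them, and 192.0.2.66 contacts five hosts that never talk to one another (scan-like).
FLOWS = [
    ("10.0.0.1", "10.0.0.2"), ("10.0.0.1", "10.0.0.3"), ("10.0.0.1", "10.0.0.4"),
    ("10.0.0.2", "10.0.0.3"), ("10.0.0.2", "10.0.0.4"), ("10.0.0.3", "10.0.0.4"),
    ("10.0.0.5", "10.0.0.1"), ("10.0.0.5", "10.0.0.2"),
    ("192.0.2.66", "10.0.0.3"), ("192.0.2.66", "10.0.0.5"), ("192.0.2.66", "10.0.0.7"),
    ("192.0.2.66", "10.0.0.8"), ("192.0.2.66", "10.0.0.9"),
]


def build_graph(flows):
    """Undirected connection graph: one vertex per IP, one edge per observed pair."""
    adj = defaultdict(set)
    for src, dst in flows:
        if src != dst:
            adj[src].add(dst)
            adj[dst].add(src)
    return dict(adj)  # plain dict so lookups below cannot add keys


def clique_complex(adj, max_dim):
    """Clique (flag) complex of the graph: every (k+1)-clique becomes a k-simplex.
    Assumed construction; the paper's own complex is not described on this page.
    Returns {dim: set of frozenset simplices} for dim = 0 .. max_dim."""
    simplices = {0: {frozenset([v]) for v in adj}}
    for dim in range(1, max_dim + 1):
        found = set()
        for v, nbrs in adj.items():
            for others in combinations(sorted(nbrs), dim):
                # v is adjacent to every neighbour by construction; the others must
                # also be pairwise adjacent for the face to be a clique
                if all(b in adj[a] for a, b in combinations(others, 2)):
                    found.add(frozenset((v,) + others))
        simplices[dim] = found
    return simplices


def vertex_patterns(adj, max_dim=3):
    """Per-vertex feature set ("pattern"): simplicial degree in each dimension, i.e. the
    number of k-simplices containing the vertex (k = 1 is ordinary graph degree), plus
    the fraction of neighbour pairs that close a triangle. Requires max_dim >= 2."""
    max_dim = max(max_dim, 2)
    cx = clique_complex(adj, max_dim)
    patterns = {}
    for v in adj:
        degs = [sum(1 for s in cx[d] if v in s) for d in range(1, max_dim + 1)]
        pairs = degs[0] * (degs[0] - 1) // 2
        patterns[v] = {
            "simplex_degree": degs,
            "clustering": degs[1] / pairs if pairs else 0.0,
        }
    return patterns


def rank_by(patterns, dim):
    """Vertices ordered by simplicial degree in dimension dim (1 = edges, 2 = triangles, ...)."""
    return sorted(patterns, key=lambda v: patterns[v]["simplex_degree"][dim - 1], reverse=True)


def star_like(patterns, min_degree=4):
    """Heuristic (an assumption of this example, not the paper's classifier): many edges
    but no triangles, i.e. the vertex contacts hosts that do not contact each other."""
    return [v for v, p in patterns.items()
            if p["simplex_degree"][0] >= min_degree and p["simplex_degree"][1] == 0]


if __name__ == "__main__":
    pats = vertex_patterns(build_graph(FLOWS))
    for v in rank_by(pats, 1):
        print(f"{v:12} simplex degrees {pats[v]['simplex_degree']} "
              f"clustering {pats[v]['clustering']:.2f}")
    print("top by edges:", rank_by(pats, 1)[0], " top by tetrahedra:", rank_by(pats, 3)[:4])
    print("star-like:", star_like(pats))
```

On the constructed sample, plain graph degree ranks 192.0.2.66 first (five edges), but its simplicial degrees in dimensions 2 and 3 are zero, while the four internal hosts of the clique each sit in a tetrahedron. That separation between edge count and participation in higher-order simplices is the kind of structure a graph-only feature vector does not expose.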
Taxonomy
Topics: Complex Network Analysis Techniques · Topological and Geometric Data Analysis · Network Security and Intrusion Detection
