Pro-ZD: A Transferable Graph Neural Network Approach for Proactive Zero-Day Threats Mitigation
Nardine Basta, Firas Ben Hmida, Houssem Jmal, Muhammad Ikram, Mohamed Ali Kaafar, and Andy Walker

TL;DR
Pro-ZD introduces a graph neural network-based framework that proactively detects and mitigates zero-day threats by identifying risky network paths and automatically adjusting firewall rules, demonstrating high accuracy and transferability.
Contribution
The paper presents a novel GNN model for identifying risky network paths and a proactive framework for automatic firewall policy adjustment to prevent zero-day threats.
Findings
Achieves over 95% accuracy in detecting high-risk connections.
Demonstrates robustness and transferability across different network scenarios.
Effectively identifies critical asset exposures in dynamic network environments.
Abstract
In today's enterprise network landscape, the combination of perimeter and distributed firewall rules governs connectivity. To address challenges arising from increased traffic and diverse network architectures, organizations employ automated tools for firewall rule and access policy generation. Yet, effectively managing risks arising from dynamically generated policies, especially concerning critical asset exposure, remains a major challenge. This challenge is amplified by evolving network structures due to trends like remote users, bring-your-own devices, and cloud integration. This paper introduces a novel graph neural network model for identifying weighted shortest paths. The model aids in detecting network misconfigurations and high-risk connectivity paths that threaten critical assets, potentially exploited in zero-day attacks -- cyber-attacks exploiting undisclosed…
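The abstract frames exposure as a weighted shortest path from an untrusted source to a critical asset. As an added illustration (not the paper's model or code), the following computes that baseline exactly with Dijkstra over a constructed rule set: each allowed flow is an edge whose weight is a hypothetical traversal cost, and any critical asset reachable below a cost threshold is reported with its path, which is what a policy adjustment would need to break.

```python
import heapq
from collections import defaultdict

# Constructed sample firewall flows: (src, dst, service, traversal cost).
# Cost scale is hypothetical: lower = easier to pivot through (e.g. broad
# "any" rules score low). Names and values are illustrative only.
RULES = [
    ("internet", "web-dmz", "tcp/443", 1.0),
    ("web-dmz", "app-tier", "tcp/8080", 2.0),
    ("app-tier", "db-core", "tcp/5432", 4.0),
    ("internet", "remote-vpn", "udp/1194", 1.0),
    ("remote-vpn", "app-tier", "any", 0.5),
    ("internet", "byod-wifi", "tcp/443", 1.5),
    ("byod-wifi", "db-core", "any", 0.5),   # overly broad rule to a critical asset
]
CRITICAL = {"db-core"}

def build_graph(rules):
    graph = defaultdict(list)
    for src, dst, svc, cost in rules:
        graph[src].append((dst, cost, svc))
    return graph

def least_cost_paths(graph, source):
    """Dijkstra: minimum total traversal cost from source to every node."""
    dist, prev, heap = {source: 0.0}, {}, [(0.0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, float("inf")):
            continue                      # stale heap entry
        for v, cost, svc in graph.get(u, []):
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, (u, svc)
                heapq.heappush(heap, (nd, v))
    return dist, prev

def trace(prev, target):
    """Reconstruct the node sequence of the least-cost path to target."""
    path = [target]
    while path[-1] in prev:
        path.append(prev[path[-1]][0])
    return path[::-1]

def exposures(rules, source, critical, threshold):
    """Critical assets reachable from source below the cost threshold."""
    dist, prev = least_cost_paths(build_graph(rules), source)
    return {a: (dist[a], trace(prev, a))
            for a in critical if dist.get(a, float("inf")) < threshold}
```

Dropping the broad byod-wifi rule raises the cheapest route to db-core from 2.0 to 5.5, which is the kind of effect an automatic policy adjustment aims for.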
Taxonomy
Topics: Network Packet Processing and Optimization · Software-Defined Networks and 5G · Software System Performance and Reliability
