An Anomaly Detection Method Based on Meta-Path and Heterogeneous Graph Attention Network

Zheheng Peng, Chun Shan*, Changzhen Hu

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Advanced Persistent Threats (APT) in the current network environment are becoming increasingly complex and diverse. Most existing APT anomaly detection is based on attack knowledge bases and preset rules, which are difficult to design and cannot make good use of the rich semantic information in the original log data. This results in poor detection of unknown attacks. This paper proposes an anomaly detection method based on meta-paths and a heterogeneous provenance graph. We design a heterogeneous graph structure to represent the provenance graph, and define the meta-paths of the PROCESS nodes. Then we use a Heterogeneous Graph Attention Network (HAN) to learn the embedding representation of the nodes based on meta-paths. The resulting node embeddings are used as node features, and we then apply the SVDD algorithm to identify anomalous nodes. A series of experiments was conducted on the Unicorn SC-2 dataset to validate the proposed method. The final results demonstrate that our method outperforms two current anomaly detection systems.

Original language: English
Title of host publication: 2024 5th International Conference on Computer Engineering and Application, ICCEA 2024
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 137-140
Number of pages: 4
ISBN (Electronic): 9798350386776
DOIs: https://doi.org/10.1109/ICCEA62105.2024.10604208
Publication status: Published - 2024
Event: 5th International Conference on Computer Engineering and Application, ICCEA 2024 - Hybrid, Hangzhou, China
Duration: 12 Apr 2024 → 14 Apr 2024

Publication series

Name: 2024 5th International Conference on Computer Engineering and Application, ICCEA 2024

Conference

Conference: 5th International Conference on Computer Engineering and Application, ICCEA 2024
Country/Territory: China
City: Hybrid, Hangzhou
Period: 12/04/24 → 14/04/24

Keywords

  • Anomaly Detection
  • Heterogeneous Graph Attention Network
  • meta-path
  • Provenance Graph
  • SVDD

Cite this

Peng, Z., Shan, C., & Hu, C. (2024). An Anomaly Detection Method Based on Meta-Path and Heterogeneous Graph Attention Network. In 2024 5th International Conference on Computer Engineering and Application, ICCEA 2024 (pp. 137-140). (2024 5th International Conference on Computer Engineering and Application, ICCEA 2024). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ICCEA62105.2024.10604208