Affiliation:
1. Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA
2. Department of Mathematics and Statistics, University of West Florida, Pensacola, FL 32514, USA
Abstract
This work uses Memgraph, an open-source graph data platform, to analyze, visualize, and apply graph machine learning techniques to detect cybersecurity attack tactics in a newly created Zeek Conn log dataset, UWF-ZeekData22, generated in The University of West Florida’s cyber simulation environment. The dataset is transformed to a representative graph, and the graph’s properties studied in this paper are PageRank, degree, bridge, weakly connected components, node and edge cardinality, and path length. Node classification is used to predict the connection between IP addresses and ports as a form of attack tactic or non-attack tactic in the MITRE framework, implemented using Memgraph’s graph neural networks. Multi-classification is performed using the attack tactics, and three different graph neural network models are compared. Using only three graph features, in-degree, out-degree, and PageRank, Memgraph’s GATJK model performs the best, with source node classification accuracy of 98.51% and destination node classification accuracy of 97.85%.
Reference30 articles.
1. Howarth, J. (2023, June 13). The Ultimate List of Cyber Attack Stats. Exploding Topics. Available online: https://explodingtopics.com/blog/cybersecurity-stats.
2. (2023, June 10). Memgraph. “Memgraph Documentation”. Memgraph Docs. Available online: https://memgraph.com/docs.
3. (2023, August 02). UWF-ZeekData22 Dataset. Available online: https://datasets.uwf.edu.
4. Bagui, S.S., Mink, D., Bagui, S.C., Ghosh, T., Plenkers, R., McElroy, T., Dulaney, S., and Shabanali, S. (2023). Introducing UWF-ZeekData22: A Comprehensive Network Traffic Dataset Based on the MITRE ATT&CK Framework. Data, 8.
5. (2023, October 20). Neo4j, vs. Memgraph—How to Choose a Graph Database?. Available online: https://memgraph.com/blog/neo4j-vs-memgraph.