MLTracer: Malicious Logins Detection System via Graph Neural Network
Title | MLTracer: Malicious Logins Detection System via Graph Neural Network |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Liu, F., Wen, Y., Wu, Y., Liang, S., Jiang, X., Meng, D. |
Conference Name | 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) |
Date Published | Jan. 2021 |
Publisher | IEEE |
ISBN Number | 978-0-7381-4380-4 |
Keywords | co-attention mechanism, Conferences, convolutional neural networks, Cyber-physical systems, data mining, expert systems, Graph Neural Network, graph neural networks, human factors, lateral movement, malicious logins detection, Metrics, Neural Network Security, policy-based governance, privacy, pubcrawl, Real-time Systems, Resiliency, Scalability, security |
Abstract | Malicious login, especially lateral movement, has been a primary and costly threat for enterprises. However, there exist two critical challenges in the existing methods. Specifically, they heavily rely on a limited number of predefined rules and features. When the attack patterns change, security experts must manually design new ones. Besides, they cannot explore the attributes' mutual effect specific to login operations. We propose MLTracer, a graph neural network (GNN) based system for detecting such attacks. It has two core components to tackle the previous challenges. First, MLTracer adopts a novel method to differentiate crucial attributes of login operations from the rest without experts' designated features. Second, MLTracer leverages a GNN model to detect malicious logins. The model involves a convolutional neural network (CNN) to explore attributes of login operations, and a co-attention mechanism to mutually improve the representations (vectors) of login attributes through learning their login-specific relation. We implement an evaluation of such an approach. The results demonstrate that MLTracer significantly outperforms state-of-the-art methods. Moreover, MLTracer effectively detects various attack scenarios with a remarkably low false positive rate (FPR). |
URL | https://ieeexplore.ieee.org/document/9343121 |
DOI | 10.1109/TrustCom50675.2020.00099 |
Citation Key | liu_mltracer_2020 |