Computers (Jul 2024)

Node Classification of Network Threats Leveraging Graph-Based Characterizations Using Memgraph

  • Sadaf Charkhabi,
  • Peyman Samimi,
  • Sikha S. Bagui,
  • Dustin Mink,
  • Subhash C. Bagui

DOI
https://doi.org/10.3390/computers13070171
Journal volume & issue
Vol. 13, no. 7
p. 171

Abstract

Read online

This research leverages Memgraph, an open-source graph database, to analyze graph-based network data and apply Graph Neural Networks (GNNs) for a detailed classification of cyberattack tactics categorized by the MITRE ATT&CK framework. As part of graph characterization, the page rank, degree centrality, betweenness centrality, and Katz centrality are presented. Node classification is utilized to categorize network entities based on their role in the traffic. Graph-theoretic features such as in-degree, out-degree, PageRank, and Katz centrality were used in node classification to ensure that the model captures the structure of the graph. The study utilizes the UWF-ZeekDataFall22 dataset, a newly created dataset which consists of labeled network logs from the University of West Florida’s Cyber Range. The uniqueness of this study is that it uses the power of combining graph-based characterization or analysis with machine learning to enhance the understanding and visualization of cyber threats, thereby improving the network security measures.

Keywords