An Anomaly Detection Method Based on Meta-Path and Heterogeneous Graph Attention Network
2024 5th International Conference on Computer Engineering and Application, ICCEA 2024, Page: 137-140
2024
Conference Paper Description
Advanced Persistent Threats (APTs) in the current network environment are becoming increasingly complex and diverse. Most existing APT anomaly detection is based on attack knowledge bases and preset rules, which are difficult to design and cannot make good use of the rich semantic information in the original log data. This results in poor detection of unknown attacks. This paper proposes an anomaly detection method based on meta-paths and a heterogeneous provenance graph. We design a heterogeneous graph structure to represent the provenance graph and define the meta-paths of the PROCESS nodes. We then use a Heterogeneous Graph Attention Network (HAN) to learn embedding representations of the nodes based on these meta-paths. The resulting node embeddings are used as node features, to which we apply the SVDD algorithm to identify anomalous nodes. A series of experiments was conducted on the Unicorn SC-2 dataset to validate the proposed method. The final results demonstrate that our method outperforms two current anomaly detection systems.
Bibliographic Details
Institute of Electrical and Electronics Engineers (IEEE)