Isaiah J. King (The George Washington University)

Lateral movement is a key stage of system compromise used by advanced persistent threats, and detecting it is no simple task. But when network host logs are abstracted into discrete temporal graphs, the problem can be reframed as anomalous edge detection in an evolving network. We have implemented a formalized approach to this problem with a framework we call Euler. It consists of a model-agnostic graph neural network stacked upon a model-agnostic sequence encoding layer such as a recurrent neural network. In this talk, we will discuss the challenges we faced comparing Euler to other link prediction and anomaly detection models, and how we justified and qualified our conclusions about its effectiveness. We proposed a more precise terminology for temporal link prediction tasks to aid in reproducibility. Assertions about the relative quality of models are backed with inferential statistics, not just performance metrics, ensuring fair comparison. Finally, we discuss the value of various metrics and data sets for anomaly detection in general.

Speaker's biography

Isaiah J. King is a Ph.D. student at the George Washington University School of Engineering and Applied Sciences and an ARCS scholar. His research interests include unsupervised machine learning on graphs, and distributed machine learning, particularly as they apply to intrusion detection systems.

View More Papers

The Nuts and Bolts of Building FlowLens

Diogo Barradas (Instituto Superior Técnico, Universidade de Lisboa)

Read More

Chhoyhopper: A Moving Target Defense with IPv6

A S M Rizvi (University of Southern California/Information Sciences Institute) and John Heidemann (University of Southern California/Information Sciences Institute)

Read More

Generation of CAN-based Wheel Lockup Attacks on the Dynamics...

Alireza Mohammadi (University of Michigan-Dearborn), Hafiz Malik (University of Michigan-Dearborn) and Masoud Abbaszadeh (GE Global Research)

Read More

Demo: A Simulator for Cooperative and Automated Driving Security

Mohammed Lamine Bouchouia (Telecom Paris - Institut Polytechnique de Paris), Jean-Philippe Monteuuis (Qualcomm), Houda Labiod (Telecom Paris - Institut Polytechnique de Paris), Ons Jelassi, Wafa Ben Jaballah (Thales) and Jonathan Petit (Telecom Paris - Institut Polytechnique de Paris)

Read More