Design Of Graph Structure Optimization Method And Its Application In Cybersecurity Analysis

Posted on: 2024-05-28
Degree: Master
Type: Thesis
Country: China
Candidate: X W Yuan
GTID: 2530306941484494
Subject: Computer technology

Abstract/Summary:
With the increasing importance of cyberspace in people's lives, maintaining cybersecurity has become an issue that cannot be ignored. Existing methods for cybersecurity analysis treat each sample separately and ignore the relationships between samples; introducing these relationships makes cybersecurity analysis more accurate and comprehensive. Graph neural networks, as a machine learning method, can model the relationships between samples as a graph structure and use it in training, and have shown great success in several fields. However, graph neural networks rest on a basic assumption: the introduced graph structure is homogeneous and complete, and edges are more likely to exist between nodes with the same label. A graph structure that does not satisfy this assumption greatly degrades the performance of graph neural networks.

In network security analysis, however, homogeneous and complete graph structures are difficult to obtain directly because of the inherent confrontation between attack and defense: relationships are either deliberately hidden by attackers or desensitized for security reasons, which leaves unavoidable noise or gaps in the graph structure. Existing methods usually clean the original graph structure to obtain one that conforms to the basic assumption, but this requires external knowledge, cannot be automated, and takes a lot of time and effort.

To address these problems, this paper investigates and designs a graph structure optimization method that improves the performance of graph neural networks by automatically optimizing a problematic graph structure without external knowledge. The method follows the community structure generation strategy and combines multi-layer neighborhood information, which makes the optimized graph structure more robust than that of other optimization methods. After designing the method, this paper applies it to two tasks in cybersecurity analysis: malware family classification and malicious encrypted traffic detection, solving two common graph structure problems and demonstrating the effectiveness and generalizability of the method in cybersecurity analysis. The main research in this paper is as follows:

(1) A graph structure optimization method is investigated and designed. To address the lack of robustness of other graph structure optimization methods, which consider only edges and use only the last layer of node embeddings, this method assumes that the graph structure follows a basic generating logic, combines multi-layer node embeddings to collect multi-order neighborhood information, and uses the K-nearest neighbor graph built from node embeddings as an observation of the optimal graph. The posterior probability of generating the optimal graph from the observation is obtained using Bayesian inference, and the method is validated on a classical citation dataset in the field of graph neural networks.

(2) The graph structure optimization method is applied to the malware family classification task. A malware relationship graph is modeled based on the same function calls, and the proposed method is applied to this graph to solve its problem of high homogeneity but insufficient completeness, improving the performance of the graph neural network model and achieving better classification results than other methods on both public and personal datasets.

(3) The graph structure optimization method is applied to the malicious encrypted traffic detection task. An encrypted traffic relationship graph is modeled based on the same IP-port, and the proposed method is applied to this graph to solve its problem of completeness but low homogeneity and improve model performance, achieving better results than other methods on the CTU-13 dataset.
Keywords/Search Tags: graph neural network, graph structure optimization, malware classification, malicious traffic detection
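The two graph problems named in (2) and (3) can be measured before any optimization is attempted. The following is an added example, not code from the thesis: it links samples that share a feature (a function call, or an IP-port pair) and reports the share of same-label edges and the share of linked nodes. The sample data, the function names and the use of node coverage as a stand-in for completeness are assumptions.

```python
from collections import defaultdict
from itertools import combinations

def build_edges(features):
    """Link two samples when they share at least one feature value."""
    by_feature = defaultdict(set)
    for sample, feats in features.items():
        for feat in feats:
            by_feature[feat].add(sample)
    edges = set()
    for members in by_feature.values():
        edges.update(combinations(sorted(members), 2))
    return edges

def edge_homophily(edges, labels):
    """Fraction of edges whose two endpoints carry the same label."""
    if not edges:
        return 0.0
    return sum(labels[a] == labels[b] for a, b in edges) / len(edges)

def coverage(edges, labels):
    """Fraction of samples with at least one edge (assumed completeness proxy)."""
    linked = {node for edge in edges for node in edge}
    return len(linked) / len(labels)

def profile(features, labels):
    """Return (same-label edge share, linked-node share), rounded to 3 places."""
    edges = build_edges(features)
    return round(edge_homophily(edges, labels), 3), round(coverage(edges, labels), 3)

# Constructed malware samples: sets of called functions, with family labels.
MALWARE = {
    "m1": {"CreateRemoteThread", "WriteProcessMemory"},
    "m2": {"WriteProcessMemory", "VirtualAllocEx"},
    "m3": {"CryptEncrypt", "FindFirstFileW"},
    "m4": {"CryptEncrypt"},
    "m5": {"InternetOpenA"},
    "m6": {"RegSetValueExW"},
}
MALWARE_LABELS = {"m1": "famA", "m2": "famA", "m3": "famB",
                  "m4": "famB", "m5": "famA", "m6": "famB"}

# Constructed encrypted flows keyed by (IP, port); addresses are documentation ranges.
FLOWS = {
    "f1": {("192.0.2.10", 443)}, "f2": {("192.0.2.10", 443)}, "f3": {("192.0.2.10", 443)},
    "f4": {("198.51.100.7", 8443)}, "f5": {("198.51.100.7", 8443)}, "f6": {("198.51.100.7", 8443)},
}
FLOW_LABELS = {"f1": "benign", "f2": "malicious", "f3": "benign",
               "f4": "malicious", "f5": "malicious", "f6": "benign"}

if __name__ == "__main__":
    print("malware (homophily, coverage):", profile(MALWARE, MALWARE_LABELS))
    print("flows   (homophily, coverage):", profile(FLOWS, FLOW_LABELS))
```

On this constructed data the malware graph has only same-family edges but leaves two samples isolated, while the flow graph links every flow but mixes benign and malicious endpoints on most edges.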