FG-CIBGC: A Unified Framework for Fine-Grained and Class-Incremental Behavior Graph Classification
Track: Graph algorithms and modeling for the Web
Keywords: Fine-grained Behavior Graph Classification, Class-Incremental Graph Learning
Abstract: Learning-based Behavior Graph Classification (BGC) has been widely adopted in Internet infrastructure for partitioning and identifying similar behavior graphs. However, the research communities realize significant limitations when deploying existing proposals in real-world scenarios. The challenges are mainly concerned with (i) fine-grained emerging behavior graphs, and (ii) incremental model adaptations. To tackle these problems, we propose to (i) mine semantics in multi-source logs using Large Language Models (LLMs) under In-Context Learning (ICL), and (ii) bridge the gap between Out-Of-Distribution (OOD) detection and class-incremental graph learning. Based on the above core ideas, we develop the first unified framework termed as $\textbf{F}$ine-$\textbf{G}$rained and $\textbf{C}$lass-$\textbf{I}$ncremental $\textbf{B}$ehavior $\textbf{G}$raph $\textbf{C}$lassification ($\textbf{FG-CIBGC}$). It consists of two novel modules, i.e., gPartition and gAdapt, that are used for partitioning fine-grained graphs and performing unknown class detection and adaptation, respectively. To validate the efficacy of FG-CIBGC, we introduce a new benchmark, comprising a new 4,992-graph, 32-class dataset generated from 8 attack scenarios, as well as a novel Edge Intersection over Union (EIoU) metric for evaluation. Extensive experiments demonstrate FG-CIBGC's superior performance on fine-grained and class-incremental BGC tasks, as well as its ability to generate fine-grained behavior graphs that facilitate downstream tasks. The code and dataset are available at: https://anonymous.4open.science/r/FG-CIBGC-70BC/README.md.
Submission Number: 1140
Loading