Anomaly Detection in Continuous-Time Temporal Provenance Graphs

Published: 20 Oct 2023, Last Modified: 18 Nov 2023, TGL Workshop 2023 LongPaper
Keywords: graph neural networks, temporal graphs, benchmark datasets, anomaly detection, heterogeneous graphs
Abstract: Recent advances in Graph Neural Networks (GNNs) have matured the field of learning on graphs, making GNNs essential for prediction tasks in complex, interconnected, and evolving systems. In this paper, we focus on self-supervised, inductive learning for continuous-time dynamic graphs. Without compromising generality, we propose an approach to learn representations and mine anomalies in provenance graphs, which are a form of large-scale, heterogeneous, attributed, and continuous-time dynamic graphs used in the cybersecurity domain, syntactically resembling complex temporal knowledge graphs. We modify the Temporal Graph Network (TGN) framework to heterogeneous input data and directed edges, refining it specifically for inductive learning on provenance graphs. We present and release two pioneering large-scale, continuous-time temporal, heterogeneous, attributed benchmark graph datasets. The datasets incorporate expert-labeled anomalies, promoting subsequent research on representation learning and anomaly detection on intricate real-world networks. Comprehensive experimental analyses of modules, datasets, and baselines underscore the effectiveness of TGN-based inductive learning, affirming its practical utility in identifying semantically significant anomalies in real-world systems.
Format: Long paper, up to 8 pages. If the reviewers recommend it to be changed to a short paper, I would prefer to withdraw my submission.
Submission Number: 36