LONGAN: Detecting Lateral Movement based on Heterogeneous Graph Neural Networks with Temporal Features
Abstract: Lateral movement (LM) plays a pivotal role in Advanced Persistent Threats (APTs), constituting a significant cybersecurity concern. Recent graph-based LM detection methods have demonstrated satisfactory performance by harnessing the potent representation capabilities of graph learning techniques. However, the evolving nature and increasing sophistication of LMs necessitate novel defensive strategies to thwart these attacks. In this paper, we introduce LONGAN, an innovative LM detection system leveraging heterogeneous graph neural networks incorporating temporal features to tackle this challenge. Specifically, we first introduce a formalized heterogeneous graph encompassing various network entities to model the intricate LM scenario. Subsequently, to capture LM dynamics, we employ a heterogeneous temporal graph to model LM evolution by integrating heterogeneous spatial information across temporal dimensions. Building upon this foundation, we devise HSTA, a framework for heterogeneous temporal graph learning, to aggregate both spatial and temporal features for LM detection. In the HSTA, we devise a heterogeneous spatial aggregation module to learn representations for diverse entity types and relations; we design a temporal aggregation module to consolidate historical node sequences into their representations. These modules synergistically operate to identify LMs. Evaluation on public datasets demonstrates that our LONGAN achieves superior performance (98.09% AUC and 96.56% F1-score) compared to state-of-the-art approaches.
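As an added illustration (not the paper's code), the snippet below builds the kind of heterogeneous temporal graph the abstract describes from a few constructed logon events: typed nodes (user, host), typed relations, fixed time windows as snapshots, and per-node historical sequences of the sort a temporal aggregation module would consume. The entity types, relation names, window size and sample events are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample events (not from the paper's datasets):
# (timestamp in seconds, user, source host, destination host)
EVENTS = [
    (0,    "alice", "ws01", "fs01"),
    (30,   "alice", "ws01", "fs01"),
    (900,  "bob",   "ws02", "mail01"),
    (3700, "alice", "fs01", "dc01"),   # alice now authenticating onward from fs01
    (3800, "alice", "dc01", "ws02"),
]

@dataclass
class Snapshot:
    """One heterogeneous graph: node ids grouped by type, edges grouped by relation."""
    nodes: dict = field(default_factory=lambda: defaultdict(set))   # type -> {ids}
    edges: dict = field(default_factory=lambda: defaultdict(list))  # relation -> [(src, dst)]

def build_temporal_graph(events, window):
    """Bucket events into fixed windows; each window becomes one heterogeneous snapshot."""
    snapshots = defaultdict(Snapshot)
    for ts, user, src, dst in events:
        snap = snapshots[ts // window]
        snap.nodes["user"].add(user)
        snap.nodes["host"].update((src, dst))
        snap.edges["user_logon_host"].append((user, dst))   # user -> host relation
        snap.edges["host_auth_host"].append((src, dst))     # host -> host relation
    return [snapshots[k] for k in sorted(snapshots)]

def node_history(snapshots, relation, node_id):
    """Per-window out-degree of node_id under one relation: its historical sequence."""
    return [sum(1 for s, _ in snap.edges[relation] if s == node_id) for snap in snapshots]

def first_seen_destinations(snapshots, relation, node_id):
    """Per window, the destinations node_id reaches for the first time (LM evolution)."""
    seen, out = set(), []
    for snap in snapshots:
        new = {d for s, d in snap.edges[relation] if s == node_id and d not in seen}
        seen |= new
        out.append(sorted(new))
    return out

if __name__ == "__main__":
    snaps = build_temporal_graph(EVENTS, window=3600)
    print(len(snaps), node_history(snaps, "user_logon_host", "alice"))
    print(first_seen_destinations(snaps, "user_logon_host", "alice"))
```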
External IDs: dblp:conf/iscc/ZongSH24