The explosive growth of cyber attacks in recent years, such as malware, spam, and intrusions, has had severe consequences for society, and securing cyberspace has become a top concern for organizations and governments. Traditional Machine Learning (ML) methods are widely used to detect cyber threats, but they struggle to model the correlations between real-world cyber entities (hosts, users, processes, domains, and so on). With the proliferation of graph mining techniques, many researchers have applied them to capture these correlations and have achieved strong results. Summarizing the existing graph-based cybersecurity solutions is therefore needed to guide future work. As the key contribution of this paper, we provide a comprehensive review of graph mining for cybersecurity, covering an overview of cybersecurity tasks, the typical graph mining techniques, the general process of applying them to cybersecurity, and the solutions proposed for different cybersecurity tasks. For each task, we examine the relevant methods and highlight the graph types, graph approaches, and task levels (node, edge, subgraph, or whole-graph) used in their modeling. We also collect open datasets and toolkits for graph-based cybersecurity. Finally, we outline potential directions for future research in this field.