Enterprise networks evolve constantly over time. In addition to the network topology, the order of information flow is crucial for detecting cyber-threats in a constantly evolving network. The majority of existing techniques use static snapshots to learn from a dynamic network. However, using static snapshots is not sufficient, as it largely ignores highly granular temporal information and leads to information loss due to approximation of aggregation granularity. In this work, we propose PIKACHU, a sophisticated, unsupervised, temporal walk-based dynamic network embedding technique that can capture both network topology and highly granular temporal information. PIKACHU learns an appropriate and meaningful representation by preserving the temporal order of nodes. This is important information for detecting Advanced Persistent Threats (APTs), as temporal order helps to understand the lateral movement of the attacker. Experiments on two open-source datasets, LANL and OpTC, demonstrate its effectiveness in detecting network anomalies. PIKACHU achieves a True Positive Rate (TPR) of 95.1% on the LANL dataset and 98.7% on the OpTC dataset. Furthermore, on the LANL dataset, it achieves a 4.65% reduction in False Positive Rate (FPR) despite a similar area under the ROC curve (AUC). On the OpTC dataset, a 16% improvement in AUC was obtained in comparison to the other state-of-the-art approaches.
May 07, 2022
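
The abstract's argument that a static snapshot loses ordering information can be seen on a handful of events. The following is an added example, not PIKACHU's implementation: it enumerates walks over constructed authentication events with and without a time-ordering constraint and reports the paths that exist only in the aggregated snapshot. The host names, the event tuple layout and the strictly-increasing-timestamp rule are assumptions, and the embedding step itself is not shown.

```python
from collections import defaultdict

# Constructed authentication events (src_host, dst_host, timestamp);
# illustrative only, not taken from LANL or OpTC.
EVENTS = [
    ("ws1", "srv1", 10),
    ("srv1", "dc1", 20),
    ("ws2", "srv1", 30),
    ("srv1", "db1", 5),
]

def build_adjacency(events):
    """Map each source to its outgoing (timestamp, destination) edges, sorted by time."""
    adj = defaultdict(list)
    for src, dst, t in events:
        adj[src].append((t, dst))
    for edges in adj.values():
        edges.sort()
    return adj

def walks(events, start, max_hops, respect_time):
    """Enumerate walks of 1..max_hops edges from start.

    respect_time=True keeps only walks whose edge timestamps strictly
    increase (a temporal walk); False treats all events as one static snapshot.
    """
    adj = build_adjacency(events)
    found = []

    def extend(path, last_t, hops):
        if hops == max_hops:
            return
        for t, dst in adj.get(path[-1], []):
            if respect_time and t <= last_t:
                continue  # edge happened before we arrived: not reachable in time order
            new_path = path + [dst]
            found.append(tuple(new_path))
            extend(new_path, t, hops + 1)

    extend([start], float("-inf"), 0)
    return found

def snapshot_only_paths(events, start, max_hops=3):
    """Paths the static snapshot admits but the event ordering rules out."""
    temporal = set(walks(events, start, max_hops, True))
    static = set(walks(events, start, max_hops, False))
    return sorted(static - temporal)
```

For `ws2`, the snapshot suggests onward movement to both `db1` and `dc1`, but every outgoing event from `srv1` predates the `ws2` login, so a time-respecting walk stops at `srv1`.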