Malicious Cyber Activity Detection using Zigzag Persistence

Myers, Audun D.; Bittner, Alyson S.; Aksoy, Sinan G.; Best, Daniel M.; Roek, Gregory Henselman-Petrusek; Jenne, Helen Kathleen; Joslyn, Cliff A.; Kay, William W.; Seppala, Garret E.; Young, Stephen J.; Purvine, Emilie AH

doi:10.1109/DSC61021.2023.10354204

Malicious Cyber Activity Detection using Zigzag Persistence

Conference · Fri Dec 15 04:00:00 EST 2023

DOI:https://doi.org/10.1109/DSC61021.2023.10354204· OSTI ID:2340827

Myers, Audun D. ^[1]; Bittner, Alyson S. ^[1]; Aksoy, Sinan G. ^[1]; Best, Daniel M. ^[1]; Roek, Gregory Henselman-Petrusek ^[1]; Jenne, Helen Kathleen ^[1]; Joslyn, Cliff A. ^[1]; Kay, William W. ^[1]; Seppala, Garret E. ^[1]; ^[1]; ^[1]

BATTELLE (PACIFIC NW LAB)

In this study we synthesize zigzag persistence from topological data analysis with autoencoder-based approaches to detect malicious cyber activity, and derive analytic insights. Cybersecurity aims to safeguard computers, networks, and servers from various forms of malicious attacks, including network damage, data theft, and activity monitoring. We focus on the cybersecurity domain and investigate the detection of malicious activity using log data. We consider the dynamics of the log data and explore the changing topology of a hypergraph representation of this data to gain insights into the underlying activity. These hypergraphs capture complex interactions between processes, together with their temporal information. To study the changing topology we use zigzag persistence, which captures how topological features persist at multiple dimensions over time. We observe that this detects malicious activity in a cyber data set. To automate this detection we implement an autoencoder trained on a vectorization of the resulting zigzag persistence barcodes. Our experimental results demonstrate the effectiveness of the autoencoder in detecting malicious activity. Overall, this study highlights the potential of zigzag persistence and its combination with temporal hypergraphs for analyzing cybersecurity log data and detecting malicious behavior.

🛈

OSTI does not have a digital full text copy available. For more information, please see document availability, search WorldCat, or search Google Scholar.

Research Organization:: Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC05-76RL01830

OSTI ID:: 2340827

Report Number(s):: PNNL-SA-185724

Country of Publication:: United States

Language:: English

Similar Records

Topological Analysis of Temporal Hypergraphs

Conference · Tue May 16 00:00:00 EDT 2023 · OSTI ID:1986519

Parametrized homology via zigzag persistence

Journal Article · Mon Mar 11 20:00:00 EDT 2019 · Algebraic & Geometric Topology · OSTI ID:1604670

Spatio-Temporal Deep Graph Network for Event Detection, Localization, and Classification in Cyber-Physical Electric Distribution System

Journal Article · Sun Jul 02 20:00:00 EDT 2023 · IEEE Transactions on Industrial Informatics · OSTI ID:2480941

Related Subjects

hypergraphs
temporal hypergraph
topological data analysis
zigzag persistence
Cyber secruity

Malicious Cyber Activity Detection using Zigzag Persistence

Citation Formats

Similar Records

Related Subjects