🤖 AI Summary
To address the real-time detection and provenance tracing of multi-step, rapidly evolving Advanced Persistent Threats (APTs) in dynamic networks, this paper proposes a lightweight analytical framework based on temporal graph modeling. Methodologically, raw network traffic is modeled as a dynamic temporal graph; a lightweight, machine-learning-oriented graph processing library is designed to uniformly support streaming graph updates, dynamic community detection, Laplacian spectral feature extraction, and dual-mode historical–real-time analysis. The key contribution lies in the first deep integration of spectral graph theory with dynamic community evolution, enabling unified identification of anomalous interactions and reconstruction of attack propagation paths. Evaluated on real-world terabyte-scale network traffic, the framework achieves millisecond-level anomaly response, improves community drift detection accuracy by 27%, and supports scalable, auditable historical graph analysis.
📝 Abstract
The dramatic increase of complex, multi-step, and rapidly evolving attacks in dynamic networks involves advanced cyber-threat detectors. The GPML (Graph Processing for Machine Learning) library addresses this need by transforming raw network traffic traces into graph representations, enabling advanced insights into network behaviors. The library provides tools to detect anomalies in interaction and community shifts in dynamic networks. GPML supports community and spectral metrics extraction, enhancing both real-time detection and historical forensics analysis. This library supports modern cybersecurity challenges with a robust, graph-based approach.