Cite this article
  • Wang Yunxiang, Liu Yuling, Han Dongxu, Cui Zelin, Liu Baoxu, Lu Zhigang, Jiang Bo. Network Security Anomaly Detection Based on Graph Security Analysis: Models, Methods, and Challenges[J]. Journal of Cyber Security, accepted.
Network Security Anomaly Detection Based on Graph Security Analysis: Models, Methods, and Challenges
Wang Yunxiang, Liu Yuling, Han Dongxu, Cui Zelin, Liu Baoxu, Lu Zhigang, Jiang Bo
(Institute of Information Engineering, CAS)
Received: 2025-12-20; Revised: 2026-04-27
Abstract:
With the advancement of cyber confrontation technologies, the threat of network intrusion attacks is becoming increasingly severe. Attackers employ sophisticated methods to evade and penetrate target defense systems, stealing sensitive data or causing substantial damage, and countering them has become a core challenge that current cybersecurity defense urgently needs to address. Facing complex network attack patterns, approaches that rely on signature matching, conventional machine learning, or deep learning alone can no longer meet today's demanding detection requirements. Graph structures provide a more intuitive and effective global perspective, and their strong robustness and reasoning capabilities make the analysis and tracing of attack behaviors much clearer. Recently, Graph Security Analytics (GSA) has made significant progress in extracting semantic features from graph-structured data, detecting intrusion behaviors, and identifying fraudulent activities. This paper aims to systematically summarize, categorize, and analyze related research methods. First, it introduces the basic concepts, characteristics, and technologies of anomaly detection and graph security analytics, and categorizes graph security analytics techniques for anomaly detection based on their application scenarios. Second, it details the methods for graph model construction and optimization, and systematically reviews the target objects, processes, and methods of anomaly detection from three dimensions: graph representation learning, subgraph retrieval and matching, and external knowledge integration, followed by an analysis of the advantages and disadvantages of typical graph security analytics methods. Finally, it discusses the limitations and challenges of existing graph security analytics methods and provides an outlook on future research directions in this field.
Key words:  Graph Security Analytics  Anomaly Detection  Graph Neural Network  Threat Intelligence