Advancing Cloud-Native Cyber Threat Detection with Graph-Based Feature Engineering / Song, Tailai; Organokov, Mukharbek; Gulikers, Lennart; Grassi, Giulio; Carofiglio, Giovanna; Meo, Michela. - ELECTRONIC. - (2025), pp. 4291-4297. (Paper presented at the IEEE International Conference on Data Engineering, held in Hong Kong (China), 19-23 May 2025) [10.1109/ICDE65448.2025.00321].
Advancing Cloud-Native Cyber Threat Detection with Graph-Based Feature Engineering
Tailai Song; Giovanna Carofiglio; Michela Meo
2025
Abstract
In light of the unprecedented proliferation of cloud-native applications, cyber threats targeting cloud services have escalated markedly, emerging as a critical concern for stakeholders. The intrinsic nature of cloud infrastructures renders them particularly susceptible to diverse attacks. In this context, effective attack identification becomes pivotal, facilitating swift responses and preventive measures to mitigate risks and bolster overall security resilience. Despite a range of solutions in the literature, attack classification remains an arduous task in industrial environments. To address this, we propose a comprehensive and deployment-friendly graph-based framework. It leverages cloud activity traces, transforming system events into graph structures, and we enumerate four different types of attack within a controlled environment. We frame a multi-class classification problem and construct multi-level features to characterize distinct attacks amidst background activities, bypassing the complexity of Deep Learning (DL). To evaluate its efficacy, we compare it with multiple Graph Neural Networks (GNNs); our solution yields comparable performance, making it a promising candidate for practical and efficient cyber threat detection.

File | Size | Format | Access
---|---|---|---
Cloud_native_cyber_attack_classification_with_feature_engineering__final_version_revision_without_letter___CISCO_.pdf (open access; type: 2. Post-print / Author's Accepted Manuscript; license: Public - All rights reserved) | 334.89 kB | Adobe PDF | View/Open
Advancing_Cloud-Native_Cyber_Threat_Detection_with_Graph-Based_Feature_Engineering.pdf (restricted access; type: 2a Post-print editorial version / Version of Record; license: Non-public - Private/restricted access) | 395.02 kB | Adobe PDF | View/Open, Request a copy
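As an added illustration of the pipeline the abstract sketches (activity trace, graph construction, hand-built multi-level features in place of a GNN), the following stand-alone Python example turns a constructed event trace into a directed graph and computes event-level, node-level and graph-level features. This is not the paper's code: the event schema, the node typing, the feature set and the sample trace are all assumptions chosen for the illustration.

```python
"""Event trace -> graph -> multi-level feature vector (added example, stdlib only).

Not the paper's code: the event schema, node typing and feature set below are
assumptions that illustrate graph-based feature engineering over activity traces.
"""
from collections import Counter, defaultdict

# Constructed sample trace (not real data): ordinary web-server background
# activity interleaved with one process that fans out to many network endpoints.
SAMPLE_EVENTS = [
    {"ts": 1, "subject": "nginx", "action": "open", "object": "file:/etc/nginx/nginx.conf"},
    {"ts": 2, "subject": "nginx", "action": "accept", "object": "net:10.0.0.7:443"},
    {"ts": 3, "subject": "bash", "action": "exec", "object": "proc:nmap"},
    {"ts": 4, "subject": "nmap", "action": "connect", "object": "net:10.0.1.5:22"},
    {"ts": 5, "subject": "nmap", "action": "connect", "object": "net:10.0.1.6:22"},
    {"ts": 6, "subject": "nmap", "action": "connect", "object": "net:10.0.1.7:22"},
    {"ts": 7, "subject": "nginx", "action": "open", "object": "file:/var/www/index.html"},
]


def build_graph(events):
    """Directed multigraph: a process node 'proc:<name>' points at each object it acts on.

    A process that appears both as an exec target and as a later subject maps to
    the same node, so parent/child and child/network edges join up.
    """
    nodes, edges = set(), []
    for ev in events:
        src, dst = f"proc:{ev['subject']}", ev["object"]
        nodes.update((src, dst))
        edges.append((src, dst, ev["action"]))
    return nodes, edges


def _weak_components(nodes, edges):
    """Number of weakly connected components (union-find, direction ignored)."""
    parent = {n: n for n in nodes}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for src, dst, _ in edges:
        parent[find(src)] = find(dst)
    return len({find(n) for n in nodes})


def extract_features(events):
    """Return a flat feature dict a tabular classifier can consume."""
    nodes, edges = build_graph(events)
    feats = {}

    # Event level: volume of each action type in the window.
    actions = Counter(a for _, _, a in edges)
    for a in ("exec", "open", "accept", "connect"):
        feats[f"evt_{a}"] = actions.get(a, 0)

    # Node level: fan-out of the busiest process, and the largest number of
    # distinct network endpoints touched by any single process (scan-like shape).
    out = defaultdict(set)
    for src, dst, _ in edges:
        out[src].add(dst)
    feats["node_max_out_degree"] = max(len(d) for d in out.values())
    feats["node_max_net_fanout"] = max(
        sum(1 for d in dsts if d.startswith("net:")) for dsts in out.values()
    )

    # Graph level: size, density and connectivity of the whole trace graph.
    n = len(nodes)
    m = len({(s, d) for s, d, _ in edges})  # distinct directed edges
    feats["graph_nodes"] = n
    feats["graph_edges"] = m
    feats["graph_density"] = round(m / (n * (n - 1)), 4) if n > 1 else 0.0
    feats["graph_components"] = _weak_components(nodes, edges)
    feats["graph_net_node_frac"] = round(
        sum(1 for x in nodes if x.startswith("net:")) / n, 4
    )
    return feats


if __name__ == "__main__":
    for key, val in extract_features(SAMPLE_EVENTS).items():
        print(f"{key:>22}: {val}")
```

The feature dictionary is the hand-off point: rows of such vectors, labelled per attack type, feed a conventional multi-class classifier, which is what the abstract means by bypassing a GNN. The fan-out and component features are the kind that separate a scanning process from background server activity in this trace; a real deployment would choose features against the attack types actually enumerated.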
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/11583/3002470