Intrusion Detection involves monitoring and analyzing network or system activities to detect and respond to unauthorized access, attacks, or security breaches.

Posts

Perimeter Intrusion Detection with Rayleigh Enhanced Fiber Using Telecom Cables as Sensing Backhaul

Perimeter Intrusion Detection with Rayleigh Enhanced Fiber Using Telecom Cables as Sensing Backhaul We report field test results of facility perimeter intrusion detection with distributed-fiber-sensing technology and backscattering-enhanced-fiber by using deployed telecom fiber cables as sensing backhaul. Various intrusive activities, such as walking/jumping at >100ft distance, are detected.

Structural Temporal Graph Neural Networks for Anomaly Detection in Dynamic Graphs

Structural Temporal Graph Neural Networks for Anomaly Detection in Dynamic Graphs Detecting anomalies in dynamic graphs is a vital task, with numerous practical applications in areas such as security, finance, and social media. Existing network embedding based methods have mostly focused on learning good node representations, whereas largely ignoring the subgraph structural changes related to the target nodes in a given time window. In this paper, we propose StrGNN, an end-to-end structural temporal Graph Neural Network model for detecting anomalous edges in dynamic graphs. In particular, we first extract the h-hop enclosing subgraph centered on the target edge and propose a node labeling function to identify the role of each node in the subgraph. Then, we leverage the graph convolution operation and Sortpooling layer to extract the fixed-size feature from each snapshot/timestamp. Based on the extracted features, we utilize the Gated Recurrent Units to capture the temporal information for anomaly detection. We fully implement StrGNN and deploy it into a real enterprise security system, and it greatly helps detect advanced threats and optimize the incident response. Extensive experiments on six benchmark datasets also demonstrate the effectiveness of StrGNN.

Anomalous Event Sequence Detection

Anomalous Event Sequence Detection Anomaly detection has been widely applied in modern data-driven security applications to detect abnormal events/entities that deviate from the majority. However, less work has been done in terms of detecting suspicious event sequences/paths, which are better discriminators than single events/entities for distinguishing normal and abnormal behaviors in complex systems such as cyber-physical systems. A key and challenging step in this endeavor is how to discover those abnormal event sequences from millions of system event records in an efficient and accurate way. To address this issue, we propose NINA, a network diffusion-based algorithm for identifying anomalous event sequences. Experimental results on both static and streaming data show that NINA is efficient (processes about 2 million records per minute) and accurate.