Detection, Explanation and Filtering of Cyber Attacks Combining Symbolic and Sub-Symbolic Methods

by Anna Himmelhuber, et al.

Machine learning (ML) on graph-structured data has recently received deepened interest in the context of intrusion detection in the cybersecurity domain. Due to the increasing amounts of data generated by monitoring tools as well as more and more sophisticated attacks, these ML methods are gaining traction. Knowledge graphs and their corresponding learning techniques such as Graph Neural Networks (GNNs), with their ability to seamlessly integrate data from multiple domains using human-understandable vocabularies, are finding application in the cybersecurity domain. However, similar to other connectionist models, GNNs are lacking transparency in their decision making. This is especially important as there tend to be a high number of false positive alerts in the cybersecurity domain, such that triage needs to be done by domain experts, requiring a lot of manpower. Therefore, we are addressing Explainable AI (XAI) for GNNs to enhance trust management by exploring combining symbolic and sub-symbolic methods in the area of cybersecurity that incorporate domain knowledge. We experimented with this approach by generating explanations in an industrial demonstrator system. The proposed method is shown to produce intuitive explanations for alerts for a diverse range of scenarios. Not only do the explanations provide deeper insights into the alerts, but they also lead to a reduction of false positive alerts by 66 including the fidelity metric.


