GRASEC

5th International Workshop on Graph-based Approaches for CyberSecurity
  • Date
    Aug 01, 2024
  • Location
    SR05
  • Duration
    08:45 — 12:15
Workshops Lettering

Workshop Chairs

Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo
  • → Martin Husak
  • → Mohamed-Lamine Messai
  • → Hamida Seba

Accepted Paper

NORIA UI: Efficient Incident Management on Large-Scale ICT Systems Represented as Knowledge Graphs
Lionel Tailhardat (Orange, France), Yoan Chabot (Orange, France), Antoine Py (Orange, France), Perrine Guillemette (Orange, France)
Full Paper
Incident management in telecom and computer networks requires correlating and interpreting heterogeneous technical information sources. While knowledge graphs have proven flexible for data integration and logical reasoning, their use in network and cybersecurity monitoring systems (NMS/SIEM) is not yet widespread. In this work, we explore the integration of knowledge graphs to facilitate the diagnosis of complex situations from the perspective of NetOps/SecOps experts who use NMS/SIEMs. Through expert interviews, we identify expectations in terms of ergonomics and decision support functions, and propose a Web-based client-server software architecture using an RDF knowledge graph that describes network systems and their dynamics. Based on a UI/UX evaluation and feedback from a user panel, we demonstrate the need to go beyond simple data retrieval from the knowledge graph. We also highlight the importance of synergistic reasoning and interactive analysis of multi-layered systems. Overall, our work provides a foundation for future designs of knowledge-graph-based NMS/SIEM decision support systems with hybrid logical/probabilistic reasoning.
Workshop GRASEC
A Model-based Approach for Assessing the Security of Cyber-Physical Systems
Hugo Teixeira De Castro (Télécom Sud Paris, France), Ahmed Hussain (KTH Royal Institute of Technology, Sweden), Gregory Blanc (Institut Mines-Télécom, Télécom SudParis, Institut Polytechnique de Paris, France), Jamal El Hachem (Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université de Bretagne Sud (UBS), France), Dominique Blouin (Telecom Paris, France), Jean Leneutre (Telecom Paris, France), Panos Papadimitratos (KTH Royal Institute of Technology, Sweden)
Full Paper
Cyber-Physical Systems ( CPS s) complexity, automation, and interconnection have been continuously increasing to support new opportunities and functionalities in numerous life-impacting applications, such as e-health, Internet of Things ( IoT ) devices, or Industrial Control Systems (ICSs). These characteristics introduce new critical security challenges to both industrial practitioners and academics. This work investigates how Model-Based System Engineering (MBSE) and attack graph approaches could be leveraged to model and analyze secure CPS solutions for identifying high-impact attacks at the architecture phase of the secure system development life cycle. To achieve this objective, we propose a new framework that comprises (1) a modeling paradigm for secure CPS representation, easily usable by system architects with limited cybersecurity expertise, (2) an attack-graph-based solution for CPS automatic quantitative security analysis, based on the MulVAL security tool formalisms, (3) a model-based code generator tool - a set of Model-To-Text (MTT) transformation rules to bridge the gap between the CPS specific extensions of SysML and MulVAL. We illustrated the ability of our proposed framework to model, analyze, and identify attacks in CPS s through an autonomous ventilation system example. The results confirm that the framework can accurately represent CPS and their vulnerabilities. Attack scenarios, including a Denial of Service ( DoS ) attack targeting an industrial communication protocol, were identified and displayed as attack graphs. Furthermore, success probabilities were computed to assess the level of risk quantitatively. In future work, we intend to ex- tend the approach to connect it to dynamic security databases and address challenges such as automatic countermeasure selection.
Workshop GRASEC
FedHE-Graph: Federated Learning with Hybrid Encryption on Graph Neural Networks for Advanced Persistent Threat Detection
Atmane Ayoub Mansour Bahar (École Nationale Supérieure d’Informatique, Alger, Algérie, Algeria), Kamel Soaïd Ferrahi (École Nationale Supérieure d’Informatique, Alger, Algérie, Algeria), Mohamed-Lamine Messai (Université Lumière Lyon 2, France), Hamida Seba (University Lyon 1, France), Karima Amrouche (École Nationale Supérieure d’Informatique, Alger, Algérie, Algeria)
Full Paper
Intrusion Detection Systems (IDS) play a crucial role in safeguarding systems and networks from different types of attacks. However, IDSes face significant hurdles in detecting Advanced Persistent Threats (APTs), which are sophisticated cyber-attacks characterized by their stealth, duration, and advanced techniques. Recent research has explored the effectiveness of Graph Neural Networks (GNNs) in APT detection, leveraging their ability to analyse intricate-relationships within graph data. However, existing approaches often rely on local models, limiting their adaptability to evolving APT-tactics and raising privacy-concerns. In response to these challenges, this paper proposes integrating Federated-Learning (FL) into the architectures of GNN-based Intrusion Detection Systems. Federated Learning is a distributed-learning paradigm that enables collaborative model-training without centralizing sensitive-data. By leveraging FL, hosts can contribute to a collective knowledge-base while preserving the confidentiality of their local datasets. This approach not only mitigates hardware strain and addresses privacy concerns; but also enhances model robustness by capturing diverse-insights from multiple sources. Moreover, our solution includes an enhanced encryption-system of the clients’ weights to safely send them to the server through the system’s network. This solution prevents man-in-the-middle (MitM) attacks from intercepting the weights and reconstructing clients data using reverse engineering. We evaluate our approach on several datasets, demonstrating promising results in reducing false-positive rates compared to state-of-the-art Provenance-based IDSes (PIDS).
Workshop GRASEC
Advancing ESSecA: a step forward in Automated Penetration Testing
Massimiliano Rak (University of Campania, Luigi Vanvitelli, Italy), Felice Moretta (University of Campania "Luigi Vanvitelli", Italy), Daniele Granata (Università della Campania "Luigi Vanvitelli", Italy)
Full Paper
The growing importance of Information Technology (IT) services is accompanied by a surge in security challenges. While traditional security tests focus on single applications, today's interconnected systems require a broader evaluation. Vulnerability Assessment and Penetration Testing (VAPT) is a method to tackle this, aiming to assess whole systems thoroughly. However, performing VAPT manually is time-consuming and costly. Therefore, there's a strong need for automating these processes. In response to these challenges, a novel methodology, named ESSecA built upon existing literature to guide the penetration testers during the assessment of a system based on threat intelligence mechanisms. This paper presents enhancements to the ESSecA methodology, including a formal Penetration Test Plan (PTP) model, a taxonomy for Penetration Test phases, and an innovative pattern match system integrated with a Tool Catalogue knowledge base used to improve the Expert System. These developments culminated in an algorithm facilitating the automatic generation of Penetration Test Plans, thus advancing the automation of security assessment processes.
Workshop GRASEC
Comparing Hyperbolic Graph Embedding models on Anomaly Detection for Cybersecurity
Mohamed Yacine Touahria Miliani (École Nationale Supérieure d’Informatique, Algeria), Souhail Abdelmouaiz Sadat (École Nationale Supérieure d’Informatique, Algeria), Hamida Seba (University Lyon1, France), Mohammed Haddad (Université Claude Bernard Lyon-1, France)
Full Paper
Graph-based anomaly detection has emerged as a powerful tool in cybersecurity for identifying malicious activities within computer systems and networks. While existing approaches often rely on embedding graphs in Euclidean space, recent studies have suggested that hyperbolic space provides a more suitable geometry for capturing the inherent hierarchical and complex relationships present in graph data. In this paper, we explore the efficacy of hyperbolic graph embedding for anomaly detection in the context of cybersecurity. We conduct a comparison of six state-of-the-art hyperbolic graph embedding methods, evaluating their performance on a well-known intrusion detection dataset. Our analysis reveals the strengths and limitations of each method, demonstrating the potential of hyperbolic graph embedding for enhancing security.
Workshop GRASEC

Detail GRASEC 02/05

Topics of interest include, but are not limited to 03/05

  • Knowledge graphs and ontologies of cyberspaces and digital twins
  • Attack graphs modeling and application, graph-based threat assessment
  • Graph-based models for network modeling and cyber situational awareness
  • Graph-based approaches to network traffic analysis and forensics
  • Intrusion, anomaly, and botnet activity detection using graph data
  • Graph-based anomaly detection for network security and management
  • Graph application in access controls, security policies
  • Graph-based malware detection
  • Autoencoders and representation learning for graphs and knowledge graphs
  • Graph embedding techniques for network security and management problems
  • Graph databases and graph-based tools for security data analysis
  • Visualization and analysis of dynamic large-scale graphs and graph streams
  • Novel applications of static/dynamic and large graphs in network security and management

Workshop Chairs 04/05

Workshop Chairs

Workshop Chairs Logo
Martin Husak
Masaryk University, Czech Republic
Workshop Chairs Logo
Mohamed-Lamine Messai
University Lyon 2, France
Workshop Chairs Logo
Hamida Seba
University Claude Bernard Lyon 1, France

Program Committee

Imre Lendák | ELT University, Hungary
Joseph Khoury | Louisiana State University, USA
Lionel Tailhardat | Orange, France
Milan Čermák | Masaryk University, Czech Republic
Mohamed Haddad | University Lyon 1, France
Noriaki Kamiyama | Ritsumeikan University, Japan
Pavol Sokol | Pavol Jozef Šafárik University in Košice, Slovakia
Pierre Parrend | EPITA/University of Strasbourg, France
Belal Alsinglawi | Western Sydney University, Australia & Zayed University, UAE

Submission 05/05

Important Dates

Extended Submission Deadline May 19, 2024
Author Notification May 29, 2024
Proceedings Version Jun 18, 2024
Conference Jul 30 — Aug 02, 2024
Join ARES 2025!

Join us at ARES 2025 in Ghent, Belgium