Lateral Movement Detection in Enterprise Networks Using Temporal Graph Attention Networks (T-GATs)

In terms of cybersecurity, “Advanced Persistent Threats (APT)” attacks are the significant threat due to their adaptation, persistence, and stealth against usual detection mechanisms. With smart tactics used by APT attackers to infiltrate networks and stay undetected for longer periods of time, this study has focused on “Graph Neural Networks (GNNs)” for detecting APT attacks. GNNs are excellent in capturing complex relationships in network data, using graphical structures to identify anomalies and subtle patterns which indicate behaviors in APT. This study reports existing detailed exploration of GNNs as modern technology to improve capabilities of “Intrusion Detection Systems (IDS)”. APT attacks pose significant threats because of their persistence and smart tactics, underscoring the need for innovative approaches. The study provides an in-depth survey of applications of GNN against APT attacks to protect enterprise networks, precisely analyzing different architectures of GNN and proposing a framework curated especially to evaluate the systems for APT detection. In addition, this study proposes a novel approach for APT attack detection in real-time by using time evolution and opens further opportunities for future studies. Findings of the study elucidate the significant role played by GNNs to address the rising threats posed by APTs, focusing on potential to improve cybersecurity. In addition, the study identifies future research directions and development in using graph-based and machine learning techniques for proactive and adaptive intrusion detection in complex environments.