{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,12]],"date-time":"2025-12-12T13:06:40Z","timestamp":1765544800924,"version":"3.41.0"},"reference-count":31,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2021,6,2]],"date-time":"2021-06-02T00:00:00Z","timestamp":1622592000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGOPS Oper. Syst. Rev."],"published-print":{"date-parts":[[2021,6,2]]},"abstract":"<jats:p>Cybersecurity professionals are inundated with large amounts of data, and require intelligent algorithms capable of distinguishing vulnerable from patched, normal from anomalous, and malicious from benign. Unfortunately, not all machine learning (ML) and artificial intelligence (AI) algorithms are created equal, and in this position paper we posit that a new breed of ML, specifically graph-based machine learning (Graph AI), is poised to make a significant impact in this domain. We will discuss the primary differentiators between traditional ML and graph ML, and provide reasons and justifications for why the latter is well-suited to many aspects of cybersecurity. 
We will present several example applications and results of graph ML in cybersecurity, followed by a discussion of the challenges that lie ahead.<\/jats:p>","DOI":"10.1145\/3469379.3469386","type":"journal-article","created":{"date-parts":[[2021,6,6]],"date-time":"2021-06-06T12:43:56Z","timestamp":1622983436000},"page":"61-67","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":20,"title":["Towards Next-Generation Cybersecurity with Graph AI"],"prefix":"10.1145","volume":"55","author":[{"given":"Benjamin","family":"Bowman","sequence":"first","affiliation":[{"name":"George Washington University, DC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"H. Howie","family":"Huang","sequence":"additional","affiliation":[{"name":"George Washington University, DC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,6,6]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"National vulnerability database. https:\/\/nvd.nist.gov.  National vulnerability database. https:\/\/nvd.nist.gov."},{"key":"e_1_2_1_2_1","unstructured":"Virus total. https:\/\/www.virustotal.com\/.  Virus total. https:\/\/www.virustotal.com\/."},{"key":"e_1_2_1_3_1","volume-title":"https:\/\/github.com\/FiveDirections\/OpTC-data","author":"Operationally","year":"2021","unstructured":"Operationally transparent cyber data. https:\/\/github.com\/FiveDirections\/OpTC-data , 2021 . Operationally transparent cyber data. https:\/\/github.com\/FiveDirections\/OpTC-data, 2021."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3299869.3300086"},{"key":"e_1_2_1_5_1","volume-title":"Howie Huang. Vgraph: A robust vulnerable code clone detection system using code property triplets. In <italic>IEEE European Symposium on Security and Privacy (EuroSP)<\/italic>","author":"Bowman Benjamin","year":"2020","unstructured":"Benjamin Bowman and H. Howie Huang. 
Vgraph: A robust vulnerable code clone detection system using code property triplets. In <italic>IEEE European Symposium on Security and Privacy (EuroSP)<\/italic> , 2020 . Benjamin Bowman and H. Howie Huang. Vgraph: A robust vulnerable code clone detection system using code property triplets. In <italic>IEEE European Symposium on Security and Privacy (EuroSP)<\/italic>, 2020."},{"key":"e_1_2_1_6_1","first-page":"257","volume-title":"Detecting lateral movement in enterprise computer networks with unsupervised graph {AI}. In <italic>23rd International Symposium on Research in Attacks, Intrusions and Defenses ({RAID} 2020)<\/italic>","author":"Bowman Benjamin","year":"2020","unstructured":"Benjamin Bowman , Craig Laprade , Yuede Ji , and H Howie Huang . Detecting lateral movement in enterprise computer networks with unsupervised graph {AI}. In <italic>23rd International Symposium on Research in Attacks, Intrusions and Defenses ({RAID} 2020)<\/italic> , pages 257 - 268 , 2020 . Benjamin Bowman, Craig Laprade, Yuede Ji, and H Howie Huang. Detecting lateral movement in enterprise computer networks with unsupervised graph {AI}. In <italic>23rd International Symposium on Research in Attacks, Intrusions and Defenses ({RAID} 2020)<\/italic>, pages 257-268, 2020."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939754"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/3294771.3294869"},{"issue":"3","key":"e_1_2_1_9_1","first-page":"52","volume":"40","author":"Hamilton William L.","year":"2017","unstructured":"William L. Hamilton , Rex Ying , and Jure Leskovec . Representation learning on graphs: Methods and applications. <italic> IEEE Data Eng. Bull.<\/italic> , 40 ( 3 ): 52 - 74 , 2017 . William L. Hamilton, Rex Ying, and Jure Leskovec. Representation learning on graphs: Methods and applications. <italic>IEEE Data Eng. Bull.<\/italic>, 40(3):52-74, 2017.","journal-title":"Eng. 
Bull.<\/italic>"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3437533"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3369583.3392690"},{"key":"e_1_2_1_12_1","volume-title":"Multi-Source Cyber-Security Events. Los Alamos National Laboratory","author":"Kent Alexander D.","year":"2015","unstructured":"Alexander D. Kent . Comprehensive , Multi-Source Cyber-Security Events. Los Alamos National Laboratory , 2015 . Alexander D. Kent. Comprehensive, Multi-Source Cyber-Security Events. Los Alamos National Laboratory, 2015."},{"key":"e_1_2_1_13_1","volume-title":"Semi-supervised classification with graph convolutional networks. <italic>arXiv preprint arXiv:1609.02907<\/italic>","author":"Kipf Thomas N","year":"2016","unstructured":"Thomas N Kipf and Max Welling . Semi-supervised classification with graph convolutional networks. <italic>arXiv preprint arXiv:1609.02907<\/italic> , 2016 . Thomas N Kipf and Max Welling. Semi-supervised classification with graph convolutional networks. <italic>arXiv preprint arXiv:1609.02907<\/italic>, 2016."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/3323298.3323322"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/72.554195"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(00)00139-0"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363224"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/3358807.3358843"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/3129633.3129659"},{"key":"e_1_2_1_20_1","volume-title":"Parameterized explainer for graph neural network. <italic>Advances in Neural Information Processing Systems<\/italic>, 33","author":"Luo Dongsheng","year":"2020","unstructured":"Dongsheng Luo , Wei Cheng , Dongkuan Xu , Wenchao Yu , Bo Zong , Haifeng Chen , and Xiang Zhang . Parameterized explainer for graph neural network. 
<italic>Advances in Neural Information Processing Systems<\/italic>, 33 , 2020 . Dongsheng Luo, Wei Cheng, Dongkuan Xu, Wenchao Yu, Bo Zong, Haifeng Chen, and Xiang Zhang. Parameterized explainer for graph neural network. <italic>Advances in Neural Information Processing Systems<\/italic>, 33, 2020."},{"key":"e_1_2_1_21_1","volume-title":"Distributed representations of words and phrases and their compositionality. <italic>arXiv preprint arXiv:1310.4546<\/italic>","author":"Mikolov Tomas","year":"2013","unstructured":"Tomas Mikolov , Ilya Sutskever , Kai Chen , Greg Corrado , and Jeffrey Dean . Distributed representations of words and phrases and their compositionality. <italic>arXiv preprint arXiv:1310.4546<\/italic> , 2013 . Tomas Mikolov, Ilya Sutskever, Kai Chen, Greg Corrado, and Jeffrey Dean. Distributed representations of words and phrases and their compositionality. <italic>arXiv preprint arXiv:1310.4546<\/italic>, 2013."},{"key":"e_1_2_1_22_1","volume-title":"Kitsune: an ensemble of autoencoders for online network intrusion detection. <italic>arXiv preprint arXiv:1802.09089<\/italic>","author":"Mirsky Yisroel","year":"2018","unstructured":"Yisroel Mirsky , Tomer Doitshman , Yuval Elovici , and Asaf Shabtai . Kitsune: an ensemble of autoencoders for online network intrusion detection. <italic>arXiv preprint arXiv:1802.09089<\/italic> , 2018 . Yisroel Mirsky, Tomer Doitshman, Yuval Elovici, and Asaf Shabtai. Kitsune: an ensemble of autoencoders for online network intrusion detection. <italic>arXiv preprint arXiv:1802.09089<\/italic>, 2018."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3184558.3191526"},{"key":"e_1_2_1_24_1","first-page":"5363","volume-title":"Evolvegcn: Evolving graph convolutional networks for dynamic graphs. 
In <italic>Proceedings of the AAAI Conference on Artificial Intelligence<\/italic>","author":"Pareja Aldo","year":"2020","unstructured":"Aldo Pareja , Giacomo Domeniconi , Jie Chen , Tengfei Ma , Toyotaro Suzumura , Hiroki Kanezashi , Tim Kaler , Tao Schardl , and Charles Leiserson . Evolvegcn: Evolving graph convolutional networks for dynamic graphs. In <italic>Proceedings of the AAAI Conference on Artificial Intelligence<\/italic> , volume 34 , pages 5363 - 5370 , 2020 . Aldo Pareja, Giacomo Domeniconi, Jie Chen, Tengfei Ma, Toyotaro Suzumura, Hiroki Kanezashi, Tim Kaler, Tao Schardl, and Charles Leiserson. Evolvegcn: Evolving graph convolutional networks for dynamic graphs. In <italic>Proceedings of the AAAI Conference on Artificial Intelligence<\/italic>, volume 34, pages 5363-5370, 2020."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623732"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/2011216.2011217"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2736277.2741093"},{"key":"e_1_2_1_28_1","volume-title":"Graph Attention Networks. <italic>International Conference on Learning Representations<\/italic>","author":"Veli Petar","year":"2018","unstructured":"Petar Veli &#269;kovi&#263;, Guillem Cucurull , Arantxa Casanova , Adriana Romero , Pietro Li &#242;, and Yoshua Bengio . Graph Attention Networks. <italic>International Conference on Learning Representations<\/italic> , 2018 . Petar Veli&#269;kovi&#263;, Guillem Cucurull, Arantxa Casanova, Adriana Romero, Pietro Li&#242;, and Yoshua Bengio. Graph Attention Networks. <italic>International Conference on Learning Representations<\/italic>, 2018."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.5555\/1875947.1875979"},{"key":"e_1_2_1_30_1","volume-title":"Gnnexplainer: Generating explanations for graph neural networks. 
<italic>Advances in neural information processing systems<\/italic>, 32:9240","author":"Ying Rex","year":"2019","unstructured":"Rex Ying , Dylan Bourgeois , Jiaxuan You , Marinka Zitnik , and Jure Leskovec . Gnnexplainer: Generating explanations for graph neural networks. <italic>Advances in neural information processing systems<\/italic>, 32:9240 , 2019 . Rex Ying, Dylan Bourgeois, Jiaxuan You, Marinka Zitnik, and Jure Leskovec. Gnnexplainer: Generating explanations for graph neural networks. <italic>Advances in neural information processing systems<\/italic>, 32:9240, 2019."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3219819.3220024"}],"container-title":["ACM SIGOPS Operating Systems Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3469379.3469386","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3469379.3469386","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:28:23Z","timestamp":1750195703000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3469379.3469386"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6,2]]},"references-count":31,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,6,2]]}},"alternative-id":["10.1145\/3469379.3469386"],"URL":"https:\/\/doi.org\/10.1145\/3469379.3469386","relation":{},"ISSN":["0163-5980"],"issn-type":[{"type":"print","value":"0163-5980"}],"subject":[],"published":{"date-parts":[[2021,6,2]]},"assertion":[{"value":"2021-06-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}