Selected Graph Machine Learning Models and Methods with Applications in Cybersecurity

Zbigniew TARAPATA and Jan ROMANCZUK

Military University of Technology, Faculty of Cybernetics, Warsaw, Poland

Abstract

The paper reviews and describes in detail selected graph machine learning methods as applied to modelling and solving selected cybersecurity problems. Special attention is paid to methods of graph mining (clustering, classification, similarity) and graph neural networks. The basic differences between an “ordinary” neural network and a graph neural network are described. Three types of graph neural networks are described: graph convolutional networks (GCN), graph attention networks (GAT), and generative adversarial networks (GAN). Applications of each group of methods in cybersecurity problems are presented. The presented examples of applications concern: detection of DDoS attacks or botnets, security incident management, analysis of user behaviour, detection of security risks, detecting fake news and countering disinformation, and malware detection. In summary, the advantages and disadvantages of graph-based machine learning methods are also presented.

Keywords: Graph machine learning, graph mining, graph neural networks, cybersecurity problems.