Structural and spectral analysis of dynamic graphs for attack detection

Abstract

Cyberattacks currently represent a constant threat. Many approaches exist for detecting suspicious behavior, but very few seem to exploit the considerable potential of mathematical approaches such as spectral graph analysis, which is known to extract topological features of a graph from its Laplacian spectrum. For this reason, we model our network as a dynamic graph composed of nodes (representing the devices) and edges (representing the requests), and we compute its Laplacian spectrum over time. Because a significant change in topology induces a significant change in the spectrum, the spectrum appears to be the key to detecting threats. Dynamic spectrum-based metrics have been developed for this purpose.
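The pipeline described in the abstract, as an added example that is not code from the paper: a request log is cut into time windows, each window becomes a graph, and the Laplacian spectra of consecutive windows are compared. The Euclidean distance between sorted spectra, the 60-second window, the undirected unweighted graph model, and all function and host names are assumptions made for illustration; the abstract does not specify the paper's own metrics.

```python
import math
from collections import defaultdict

def laplacian(requests, nodes):
    """Combinatorial Laplacian L = D - A; requests become undirected, unweighted edges."""
    idx = {h: i for i, h in enumerate(nodes)}
    L = [[0.0] * len(nodes) for _ in nodes]
    for pair in {frozenset(r) for r in requests if r[0] != r[1]}:
        i, j = (idx[h] for h in pair)
        L[i][j] = L[j][i] = -1.0
        L[i][i] += 1.0
        L[j][j] += 1.0
    return L

def spectrum(M, sweeps=50):
    """Eigenvalues of a symmetric matrix by cyclic Jacobi rotations, ascending."""
    A, n = [row[:] for row in M], len(M)
    for _ in range(sweeps):
        if sum(A[i][j] ** 2 for i in range(n) for j in range(i + 1, n)) < 1e-20:
            break  # off-diagonal part has vanished: diagonal holds the eigenvalues
        for p in range(n - 1):
            for q in range(p + 1, n):
                if abs(A[p][q]) < 1e-15:
                    continue
                d = A[q][q] - A[p][p]
                t = math.pi / 4 if d == 0 else 0.5 * math.atan(2 * A[p][q] / d)
                c, s = math.cos(t), math.sin(t)
                for k in range(n):  # A <- A P (columns p, q)
                    x, y = A[k][p], A[k][q]
                    A[k][p], A[k][q] = c * x - s * y, s * x + c * y
                for k in range(n):  # A <- P^T A (rows p, q)
                    x, y = A[p][k], A[q][k]
                    A[p][k], A[q][k] = c * x - s * y, s * x + c * y
    return sorted(A[i][i] for i in range(n))

def spectral_shift_scores(log, window):
    """Distance between the Laplacian spectra of consecutive time windows."""
    nodes = sorted({h for _, s, d in log for h in (s, d)})  # fixed node set
    buckets = defaultdict(list)
    for ts, src, dst in log:
        buckets[ts // window].append((src, dst))
    spectra = [spectrum(laplacian(buckets[w], nodes)) for w in sorted(buckets)]
    return [math.dist(a, b) for a, b in zip(spectra, spectra[1:])]

# Constructed request log: (timestamp in seconds, source host, destination host).
# Windows 0 and 1 share the same topology; in window 2 host "a" contacts every host.
LOG = [(1, "a", "b"), (5, "c", "d"), (9, "e", "f"),
       (61, "b", "a"), (62, "a", "b"), (70, "d", "c"), (75, "e", "f"),
       (121, "a", "b"), (122, "a", "c"), (123, "a", "d"), (124, "a", "e"),
       (125, "a", "f"), (130, "c", "d"), (131, "e", "f")]

if __name__ == "__main__":
    print(spectral_shift_scores(LOG, window=60))  # one score per window transition
```

Repeated or reversed requests between the same pair of hosts leave the score at zero, while the change in who talks to whom in the last window moves the spectrum and raises it.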