Abstract

Since the dawn of the Information Age, we have increasingly relied on the technology that we develop to support nearly every aspect of modern living. At this point in our history, we are dependent on complex computer systems to manage and maintain the way our society and our world operates. Computers manage our transportation infrastructure, energy production, agriculture, political elections, military operations, financial markets, and many other critical processes that we all rely on. It is imperative that we keep these systems safe from attack.

Existing cybersecurity techniques depend heavily on identifying patterns or signatures of known-malicious activity, which are relatively easy to circumvent. Exacerbating this problem is the heavy reliance on the manual correlation of security events to determine the full scope of an attack, a task that is time-consuming and error-prone. Unfortunately, our adversaries are successfully overcoming these defenses far too frequently, as indicated by the many high-profile cybersecurity attacks of the last decade. Our cyber defenders need new tools and techniques for utilizing the wealth of data generated in modern computing environments to more effectively detect and mitigate cyber threats before they can cause harm.

In this dissertation, we will discuss some of the most critical cybersecurity challenges, and introduce novel techniques for detecting malicious activity in a variety of security contexts. Specifically, we will look at three graph-based techniques for generating new insights from existing data sources available in the cybersecurity domain. First, we will discuss the problem of automated software vulnerability detection, and introduce a technique which moves beyond signature-based detection to identify new vulnerabilities in source code based on a flexible and robust graph similarity metric. Second, we will discuss the problem of identifying malicious authentication activity within a computer network, and introduce a technique which utilizes unsupervised graph machine learning to detect this critical stage of a cyber attack. Third, we will discuss a system which combines aspects of the previous two works into a network-wide monitoring and detection capability based on graph data structures and algorithms capable of detecting full-scale APT attack campaigns. Each work presented provides motivation for, and justification of, a graph-first approach to specific cybersecurity challenges. Through these works we hope to show how graph data structures and graph algorithms are a heavily under-utilized resource that cybersecurity defenders stand to benefit from.

Details

Title: Graph Techniques for Next Generation Cybersecurity
Author: Bowman, Benjamin
Publication year: 2022
Publisher: ProQuest Dissertations & Theses
ISBN: 9798496538664
Source type: Dissertation or Thesis
Language of publication: English
ProQuest document ID: 2605573371
Copyright: Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.