Automatic generation of industrial internet attack graphs with graph neural networks and Bayesian models
Luyao Zhang, Gaigai Tang, Xin He, Kaiyuan Qi, Guangfeng Su, Huiyun Zhang
Computer Networks, volume 272, Article 111736. Published 2025-09-23. DOI: 10.1016/j.comnet.2025.111736
https://www.sciencedirect.com/science/article/pii/S1389128625007029
Publication type: Journal Article. Impact factor: 4.6. JCR: Q1 (Computer Science, Hardware & Architecture). Open access: no.
Citations: 0
Abstract
The Industrial Internet is increasingly exposed to highly complex, heterogeneous, and multi-stage security threats, posing long-term potential risks to system security. Efficient and intelligent attack graph generation techniques are essential for accurately modeling potential attack paths and enabling visual analysis, thereby supporting proactive defense and attack attribution. However, existing methods primarily rely on static rules or expert knowledge, making them inadequate for capturing the dynamic nature, uncertainty, and complex dependencies of attack paths, and thus ineffective against emerging and sophisticated attack scenarios. To address these challenges, this paper proposes a novel automatic attack graph generation method for the Industrial Internet, termed IndustGNN-AG, which integrates Graph Neural Networks (GNNs) with Bayesian inference. The proposed method leverages the deep feature learning capability of GNNs to automatically extract network behavior features and employs Bayesian techniques to model the uncertainty of attack paths. A multi-layer graph attention mechanism is introduced to capture inter-node dependencies, and a probabilistic path estimation framework is developed by combining node-level and edge-level uncertainties, enabling a more comprehensive analysis of potential attack paths. Experimental results on three representative Industrial Internet attack datasets, namely Mirai_Botnet, SSDP Flood, and SYN DoS, demonstrate that IndustGNN-AG achieves accuracy rates of 99.40%, 100%, and 96.33%, respectively, in attack graph generation tasks. Compared with existing approaches, IndustGNN-AG exhibits significant improvements in accuracy and scalability.
About the journal:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.