Spatial-Temporal Graph Neural Network for the Detection of Container Escape Events

Yuchen Guo, James Pope

2024

Abstract

Internet of Things (IoT) devices bring an attack surface closer to personal life and industrial production. With containers as the primary method of IoT application deployment, detecting container escapes by analyzing audit logs can identify compromised edge devices. Because audit log data contains both the temporal properties of events and relational information between system entities, existing analysis methods cannot comprehensively analyze these two properties. In this paper, a new Temporal Graph Neural Network (GNN)-based model was designed to detect anomalies of IoT applications in a container environment. The model employs Gated Recurrent Unit (GRU) and Graph Isomorphism Network (GIN) operators to capture temporal and spatial features. Using unsupervised learning to model the application's normal behavior, the model can detect unknown anomalies that have not appeared in training. The model is trained on a dynamic graph generated from audit logs, which record security events in a system. Due to the lack of real-world datasets, we conducted experiments on a simulated dataset. Audit log records are divided into multiple graphs according to their temporal attribute to form a dynamic graph. Some nodes and edges are aggregated or removed to reduce the complexity of the graph. In the experiments, the model achieves an F1 score of 0.976 on the validation set, outperforming the best-performing baseline model, which has an F1 score of 0.845.


Paper Citation


in Harvard Style

Guo Y. and Pope J. (2024). Spatial-Temporal Graph Neural Network for the Detection of Container Escape Events. In Proceedings of the 16th International Conference on Agents and Artificial Intelligence - Volume 3: ICAART; ISBN 978-989-758-680-4, SciTePress, pages 326-333. DOI: 10.5220/0012347800003636


in Bibtex Style

@conference{icaart24,
author={Yuchen Guo and James Pope},
title={Spatial-Temporal Graph Neural Network for the Detection of Container Escape Events},
booktitle={Proceedings of the 16th International Conference on Agents and Artificial Intelligence - Volume 3: ICAART},
year={2024},
pages={326-333},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012347800003636},
isbn={978-989-758-680-4},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 16th International Conference on Agents and Artificial Intelligence - Volume 3: ICAART
TI - Spatial-Temporal Graph Neural Network for the Detection of Container Escape Events
SN - 978-989-758-680-4
AU - Guo Y.
AU - Pope J.
PY - 2024
SP - 326
EP - 333
DO - 10.5220/0012347800003636
PB - SciTePress