Thesis defense : "Enhancing Detection and Explainability in Cybersecurity: A Shift from Machine Learning to Graph Learning."

PhD defence : Amani ABOU RIDA

Team:

Date & time : Wednesday, 24 January, at 9:00 AM, at the CRBS auditorium, 1 rue Eugène Boeckel, 67000 Strasbourg.

Title : "Enhancing Detection and Explainability in Cybersecurity: A Shift from Machine Learning to Graph Learning."

Abstract : 

This thesis focuses on transitioning from traditional machine learning to graph learning in cybersecurity, a crucial shift for representing complex data connections in cyberattacks. However, a key challenge lies in making the graph learning process explainable for cyberattack detection, which is critical for explaining the reason behind the detection and building trust among security analysts. To address this, the research contributes in three main areas. First, it introduces the ComGLSec workflow, a benchmarking process to evaluate graph learning methods based on their performance and inductivity in detecting cyberattacks. Second, it addresses the explainability challenges in graph learning by developing the Inductive GNNExplainer model for topological elucidation of attack detections and the GraphSecLearn library to enhance the contextuality in graph representations of cyberattack patterns. Lastly, the thesis proposes the XAIMetrics Framework for assessing explainability in machine learning, incorporating novel metrics to evaluate various aspects of explainability in the data analysis chain. This comprehensive approach improves understanding and trust in cybersecurity analysis and lays a foundational groundwork for extending these metrics to graph learning, highlighting significant advancements in the field.