The complexity of today’s systems and the data they produce has made it more difficult to ensure their security due to the data overload, the need to store and handle massive amounts of data, and efficient analysis. Using graphs and knowledge graphs to analyze and interpret the data is a very intriguing strategy that is gaining more and more attention these days. It is becoming more and more usual to employ graph databases, graph mining and learning algorithms, and tools for processing massive volumes of data using graphs.

Graphs, including complex networks and knowledge graphs, offer the advantage of capturing complex and heterogeneous systems and activities. Moreover, the visualization of graph-based data is straightforward and comprehensible for human analysts, which makes it very powerful in practice. For example, Botnet activity can be observed as a plethora of observables, and there is a need to correlate the particular observations into a big picture, such as using a graph to represent particular events and observations and relations between them. The attack graphs are popular tools for representing cyber attacks, calculating their impact, and even projecting them and predicting the next step of an adversary.

This workshop aims at bringing together people from industry and academia, including researchers, developers, and practitioners from a variety of fields working on graphs and knowledge graphs, network management, and cybersecurity. The workshop will allow attendees to share and discuss their latest findings from both theoretical and practical perspectives, namely in terms of graph-based security data representation, analysis, processing and visualization. The workshop attendees may benefit from sharing experience on graph-based data analysis regardless of the specific application. Moreover, researchers and practitioners will have an opportunity to familiarize themselves with recent advances in graph analysis, mining and learning, and other approaches that could be used in their work. The workshop aims to highlight the latest research and experience in graph-based approaches in cybersecurity. The workshop also seeks papers describing new datasets with real attack scenarios, graph modeling tools evaluated on existing and proposed datasets, and systematization of knowledge (SoK) papers.

Topics of interest include, but are not limited to

Knowledge graphs and ontologies of cyberspaces and digital twins
Attack graphs modeling and application, graph-based threat assessment
Graph-based models for network modeling and cyber situational awareness
Graph-based approaches to network traffic analysis and forensics
Intrusion, anomaly, and botnet activity detection using graph data
Graph-based anomaly detection for network security and management
Graph application in access controls, security policies
Autoencoders and representation learning for graphs and knowledge graphs
Graph embedding techniques for network security and management problems
Graph databases and graph-based tools for security data analysis
Visualization and analysis of dynamic large-scale graphs and graph streams
Novel applications of static/dynamic and large graphs in network security and management


Workshop Chairs

Martin Husak
Masaryk University, Czech Republic
husakm@ics.muni.cz

Mohamed-Lamine Messai
University Lyon 2, France
mohamed-lamine.messai@univ-lyon2.fr

Hamida Seba
University Claude Bernard Lyon 1, France
hamida.seba@univ-lyon1.fr