Dissertation Information

Title: From Detection to Explanation: Static and Temporal Graph Representation Learning Based Approach for Anomaly Based Cyber Threats Detection

Program: Computing Ph.D. - Computer Science

Advisor: Dr. Edoardo Serra

Committee Members: Dr. Liljana Babinkostova, Dr. Francesco Gullo

Abstract

Online Intrusion Detection Systems (IDSs)—which monitor networked systems to detect ongoing cyberattacks through unauthorized access—are critical components of modern cybersecurity infrastructure. Temporal Graph Anomaly Detection (TGAD)-based IDSs have demonstrated strong potential in capturing complex and evolving network behaviors. However, current implementations often struggle with scalability and real-time responsiveness, limiting their practical deployment in high-throughput environments.

This research aims to overcome these challenges by developing an efficient, scalable TGAD-based IDS capable of real-time anomaly detection. In addition to detecting threats as they emerge, the ability to proactively anticipate cyberattacks is essential for strengthening defense strategies. To this end, this study also proposes the development of a predictive framework that integrates geopolitical event data to forecast potential state-sponsored cyberattacks and their likely targets. These forecasts can inform and prioritize responses to detected anomalies, enhancing situational awareness and readiness.

Furthermore, transparency and explainability are crucial for building trust in automated security systems. Yet, existing graph-based explanation methods often fall short in effectively interpreting detected anomalies. This dissertation will therefore explore novel explanation techniques tailored specifically to graph anomaly detection.
Together, these contributions aim to significantly advance the scalability, predictive capabilities, and interpretability of next-generation intrusion detection systems.