Partially automated threat hunting with graph neural networks (GNN) in automation environments.

General information

The research work of the HsH concentrates on the creation and optimization optimization of a suitable graph representation that can handle the heterogeneous properties, such as different different system types and data complexities of the CPS. Here the anomaly detection is used on the systems to automatically identify threats. automatically. Using Graph Neural Networks (GNN), the aim is to develop a flexible detection system that can that can deal with changing environments and works reliably in the long term. works reliably in the long term. As part of threat hunting, entities classified as suspicious are specifically processed for sys analysts to enable an efficient and targeted search for possible attacks, both during operation and forensically. both during operation and forensically.


Funded by Bundesministerium für Bildung und Forschung (BMBF).

Hochschule Hannover
University of Applied Sciences and Arts
Faculty IV, Dept. of Computer Science
Ricklinger Stadtweg 120
30459 Hannover, Germany