Early detection of network intrusions and cyber threats is one of the main pillars of cybersecurity. One of the most effective approaches for this purpose is to analyze network traffic with the help of artificial intelligence algorithms, with the aim of detecting the possible presence of an attacker by distinguishing it from a legitimate user. This is commonly done by collecting the traffic exchanged between terminals in a network and analyzing it on a per-packet or per-connection basis. In this paper, we propose instead to pre-process the network traffic under analysis in order to extract new metrics on which detection can be performed more efficiently, overcoming some limitations of classical approaches. These new metrics are based on graph theory and consider the network as a whole, rather than focusing on individual packets or connections. Experiments on publicly available data sets validate our approach, showing that it not only overcomes some of the limitations of classical approaches, but also achieves better detection of cyber threats.
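As an added illustration that is not code from the paper (whose concrete metrics this abstract does not name), the following builds a host-level communication graph from connection records and derives per-host graph features; the chosen metrics (in/out degree, reciprocity), the thresholds and the sample flows are assumptions constructed for this example.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

Flow = Tuple[str, str]  # (source host, destination host) of one connection

# Constructed sample flows (not from the paper's data sets): three hosts that
# exchange traffic in both directions, plus one host that fans out to many
# peers and never receives traffic back.
SAMPLE_FLOWS: List[Flow] = [
    ("10.0.0.1", "10.0.0.2"), ("10.0.0.2", "10.0.0.1"),
    ("10.0.0.2", "10.0.0.3"), ("10.0.0.3", "10.0.0.2"),
    ("10.0.0.1", "10.0.0.3"), ("10.0.0.3", "10.0.0.1"),
] + [("10.0.0.9", f"10.0.0.{i}") for i in range(1, 7)]


def build_graph(flows: Iterable[Flow]) -> Dict[str, set]:
    """Directed adjacency: host -> set of hosts it sent at least one connection to."""
    adj: Dict[str, set] = defaultdict(set)
    for src, dst in flows:
        adj[src].add(dst)
        adj.setdefault(dst, set())  # receive-only hosts must still appear as nodes
    return adj


def host_features(adj: Dict[str, set]) -> Dict[str, Dict[str, float]]:
    """Per-host graph metrics computed over the whole communication graph,
    i.e. features a per-packet or per-connection view cannot see."""
    in_nbrs: Dict[str, set] = defaultdict(set)
    for src, dsts in adj.items():
        for dst in dsts:
            in_nbrs[dst].add(src)
    feats: Dict[str, Dict[str, float]] = {}
    for host, out in adj.items():
        inc = in_nbrs[host]
        reciprocated = len(out & inc)  # out-neighbours that also talk back
        feats[host] = {
            "out_degree": len(out),
            "in_degree": len(inc),
            # share of out-neighbours that ever answer; 1.0 by convention if none contacted
            "reciprocity": reciprocated / len(out) if out else 1.0,
        }
    return feats


def one_way_fanout_hosts(feats, min_out=5, max_reciprocity=0.2) -> List[str]:
    """Hosts whose graph position (many peers, almost none answering) stands out;
    thresholds are illustrative and would be learned or tuned in practice."""
    return sorted(h for h, f in feats.items()
                  if f["out_degree"] >= min_out and f["reciprocity"] <= max_reciprocity)
```

The returned feature dictionaries are the kind of whole-network input a classifier could consume in place of raw packets.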