The explosive growth of cyber attacks, such as malware, spam, and intrusions, has had severe consequences for society, and securing cyberspace has become a top concern for organizations and governments. Traditional Machine Learning (ML) based methods are widely used to detect cyber threats, but they rarely model the correlations between real-world cyber entities. In recent years, with the proliferation of graph mining techniques, many researchers have applied these techniques to capture correlations between cyber entities and have achieved high performance. Summarizing existing graph-based cybersecurity solutions is therefore necessary to provide a guide for future studies. As the key contribution of this paper, we provide a comprehensive review of graph mining for cybersecurity, including an overview of cybersecurity tasks, the typical graph mining techniques, the general process of applying them to cybersecurity, and the various solutions proposed for different cybersecurity tasks. For each task, we examine the relevant methods and highlight the graph types, graph approaches, and task levels used in their modeling. Furthermore, we collect open datasets and toolkits for graph-based cybersecurity. Finally, we outline potential directions for future research in this field.