GPML: Graph Processing for Machine Learning
Majed Jaber, Julien Michel, Nicolas Boutry, Pierre Parrend
TL;DR
GPML presents a Python-based library that transforms raw network traffic into graph representations to enable graph-analytic attack detection in dynamic networks. It combines Dynamic Graph Community (DGC) metrics and spectral metrics (SPECTRA) to capture evolving interaction patterns and topological changes over time, aided by time-windowed processing and visualization. The authors detail architecture, implementation, and functionality for data preparation, feature extraction, and visualization, and demonstrate improvements on datasets such as UGR16, TonIoT, and Botnet, highlighting the value of graph-based insights for security tasks. The work positions GPML as a scalable platform for real-time and forensic network analysis and outlines future directions toward AI-driven threat detection and integration with broader security workflows.
Abstract
The dramatic increase of complex, multi-step, and rapidly evolving attacks in dynamic networks involves advanced cyber-threat detectors. The GPML (Graph Processing for Machine Learning) library addresses this need by transforming raw network traffic traces into graph representations, enabling advanced insights into network behaviors. The library provides tools to detect anomalies in interaction and community shifts in dynamic networks. GPML supports community and spectral metrics extraction, enhancing both real-time detection and historical forensics analysis. This library supports modern cybersecurity challenges with a robust, graph-based approach.
