Graph link prediction is an important task in cybersecurity: relationships between entities within a computer network, such as users interacting with computers or system libraries and the corresponding processes that use them, can provide key insights into adversary behaviour. Poisson matrix factorisation (PMF) is a popular model for link prediction in large networks, particularly useful for its scalability. In this article, PMF is extended to cover scenarios that are commonly encountered in cybersecurity applications. Specifically, an extension is proposed to explicitly handle binary adjacency matrices and include known categorical covariates associated with the graph nodes. A seasonal PMF model is also presented to handle seasonal networks. To allow the methods to scale to large graphs, variational methods are discussed for performing fast inference. The results show improved performance over the standard PMF model and other statistical network models.
Research presented in this article was supported by the Laboratory Directed Research and Development program of Los Alamos National Laboratory (New Mexico, USA) under project number 20180607ECR.
The authors acknowledge funding from Los Alamos National Laboratory, EPSRC and the Heilbronn Institute for Mathematical Research.
The authors also thank the editor and reviewers for valuable comments and suggestions that significantly improved the paper.
This work was completed while the second author was in the Advanced Research in Cyber-Systems group at Los Alamos National Laboratory (New Mexico, USA).
Francesco Sanna Passino, Melissa J. M. Turcotte, Nicholas A. Heard. "Graph link prediction in computer networks using Poisson matrix factorisation." Ann. Appl. Stat. 16 (3) 1313-1332, September 2022. https://doi.org/10.1214/21-AOAS1540