Graph-Based Cybersecurity

  1. Cybersecurity Domain Modeling
    1. Graph Schema Design
      1. Schema Definition Principles
        1. Node Type Hierarchies
        2. Edge Type Taxonomies
        3. Property Schema Design
      2. Temporal Modeling Approaches
        1. Time-Stamped Elements
        2. Dynamic Graph Structures
        3. Snapshot vs Streaming Models
        4. Temporal Aggregation Strategies
      3. Schema Evolution and Versioning
        1. Schema Migration Strategies
        2. Backward Compatibility
    2. Security Entity Modeling
      1. Identity and User Entities
        1. Human Users
        2. Service Accounts
        3. System Accounts
        4. Identity Providers
        5. Authentication Tokens
      2. System and Infrastructure Entities
        1. Physical Devices
          1. Workstations
          2. Servers
          3. Network Equipment
          4. Mobile Devices
          5. IoT Devices
        2. Virtual Resources
          1. Virtual Machines
          2. Containers
          3. Cloud Instances
        3. Network Components
          1. Subnets and VLANs
          2. Firewalls and Gateways
          3. Load Balancers
      3. Software and Application Entities
        1. Installed Applications
        2. Running Processes
        3. Services and Daemons
        4. Libraries and Dependencies
      4. Data and Information Entities
        1. Files and Documents
        2. Databases and Tables
        3. Configuration Files
        4. Logs and Events
      5. Security-Specific Entities
        1. Vulnerabilities
        2. Threats and Indicators
        3. Security Alerts
        4. Incidents and Cases
        5. Policies and Rules
    3. Relationship and Activity Modeling
      1. Network Communication Relationships
        1. TCP/UDP Connections
        2. HTTP/HTTPS Sessions
        3. DNS Queries and Responses
        4. Email Communications
      2. Authentication and Authorization Relationships
        1. Login Events
        2. Permission Grants
        3. Role Assignments
        4. Access Attempts
      3. System Activity Relationships
        1. Process Execution
        2. File Operations
        3. Registry Modifications
        4. Service Interactions
      4. Data Flow Relationships
        1. Data Transfers
        2. API Calls
        3. Database Queries
        4. Backup Operations
      5. Security Event Relationships
        1. Alert Correlations
        2. Incident Linkages
        3. Threat Associations
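The outline above names the building blocks of a security graph schema (node type hierarchies, an edge type taxonomy, time-stamped elements, snapshot versus streaming views, login events and network connections) without showing how they fit together. The following is an added example written for this page, not code from the book it outlines or from any graph database: a small in-memory property graph that enforces a node hierarchy and an edge taxonomy at insert time, keeps edges as an append-only stream, answers point-in-time snapshot queries, and walks time-respecting paths from an identity to the hosts it could reach. The labels (`Identity`, `Host`, `LOGGED_IN_TO`, `CONNECTED_TO`), the event line format and the sample events are all assumptions constructed for the illustration.

```python
"""Typed, time-stamped security graph (added example; labels and sample data are assumed)."""
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timezone

# Node type hierarchy: label -> parent label (None for a root). Assumed taxonomy.
NODE_HIERARCHY = {
    "Identity": None, "User": "Identity", "ServiceAccount": "Identity",
    "Host": None, "Workstation": "Host", "Server": "Host",
}

# Edge type taxonomy: edge label -> (required source label, required target label).
# Requirements are checked against the hierarchy, so a Workstation satisfies "Host".
EDGE_TAXONOMY = {
    "LOGGED_IN_TO": ("Identity", "Host"),
    "CONNECTED_TO": ("Host", "Host"),
}


def is_a(label, ancestor):
    """True if `label` is `ancestor` or descends from it in NODE_HIERARCHY."""
    while label is not None:
        if label == ancestor:
            return True
        label = NODE_HIERARCHY[label]
    return False


def edge_allowed(edge_label, src_label, dst_label):
    """Schema check: does the taxonomy permit this edge between these node types?"""
    if edge_label not in EDGE_TAXONOMY or src_label not in NODE_HIERARCHY or dst_label not in NODE_HIERARCHY:
        return False
    want_src, want_dst = EDGE_TAXONOMY[edge_label]
    return is_a(src_label, want_src) and is_a(dst_label, want_dst)


def ts(text):
    """Parse the constructed 'YYYY-MM-DDTHH:MM:SSZ' timestamp format as UTC."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class Edge:
    label: str
    src: str
    dst: str
    ts: datetime  # every relationship is a time-stamped element


class SecurityGraph:
    def __init__(self):
        self.nodes = {}   # node id -> label
        self.edges = []   # append-only stream, kept in arrival order

    def add_node(self, node_id, label):
        if label not in NODE_HIERARCHY:
            raise ValueError(f"unknown node label: {label}")
        self.nodes[node_id] = label

    def add_edge(self, label, src, dst, when):
        if not edge_allowed(label, self.nodes[src], self.nodes[dst]):
            raise ValueError(f"{label} not allowed from {self.nodes[src]} to {self.nodes[dst]}")
        self.edges.append(Edge(label, src, dst, when))

    def snapshot(self, start, end):
        """Snapshot model: the edges whose timestamp lies in [start, end)."""
        return [e for e in self.edges if start <= e.ts < end]

    def reachable_hosts(self, identity, start, end):
        """Hosts an identity could reach inside the window via a login followed by
        CONNECTED_TO hops whose timestamps never go backwards (time-respecting path).
        Returns host id -> earliest arrival time."""
        window = self.snapshot(start, end)
        arrival, queue = {}, deque()
        for e in window:
            if e.label == "LOGGED_IN_TO" and e.src == identity and e.ts < arrival.get(e.dst, end):
                arrival[e.dst] = e.ts
                queue.append(e.dst)
        while queue:
            host = queue.popleft()
            for e in window:
                if e.label == "CONNECTED_TO" and e.src == host and e.ts >= arrival[host] \
                        and e.ts < arrival.get(e.dst, end):
                    arrival[e.dst] = e.ts
                    queue.append(e.dst)
        return arrival


# Constructed sample events: "<timestamp> login <identity> <host>" or "<timestamp> conn <host> <host>".
SAMPLE_EVENTS = """\
2024-05-01T08:00:00Z login alice ws-01
2024-05-01T08:05:00Z conn ws-01 srv-db
2024-05-01T07:30:00Z conn srv-db srv-files
2024-05-01T09:00:00Z login svc-backup srv-db
2024-05-01T09:10:00Z conn srv-db srv-files
"""


def build_sample_graph():
    g = SecurityGraph()
    for node_id, label in [("alice", "User"), ("svc-backup", "ServiceAccount"),
                           ("ws-01", "Workstation"), ("srv-db", "Server"), ("srv-files", "Server")]:
        g.add_node(node_id, label)
    for line in SAMPLE_EVENTS.splitlines():
        when, kind, a, b = line.split()
        g.add_edge("LOGGED_IN_TO" if kind == "login" else "CONNECTED_TO", a, b, ts(when))
    return g


if __name__ == "__main__":
    g = build_sample_graph()
    print(g.reachable_hosts("alice", ts("2024-05-01T07:00:00Z"), ts("2024-05-01T09:00:00Z")))
    print(g.reachable_hosts("alice", ts("2024-05-01T00:00:00Z"), ts("2024-05-02T00:00:00Z")))
```

The 07:30 connection from `srv-db` to `srv-files` is inside the morning window but precedes alice's login, so a time-respecting walk does not credit it to her; a static reachability query over the same snapshot would, which is the practical difference between treating edges as time-stamped elements and treating them as a flat adjacency list. The `edge_allowed` check is what turns the edge taxonomy from documentation into an enforced schema: a `LOGGED_IN_TO` edge between two hosts is rejected at ingest rather than silently polluting later queries.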