HpGraphNEI: A network entity identification model based on heterophilous graph learning

Network entities have important asset mapping, vulnerability, and service delivery applications. In cyberspace, where the network structure is complex and the number of entities is large, effectively obtaining the relevant attributes of entities is a difficult task. Graph neural network-based approaches focus on target IP node messaging from neighboring nodes; however, the graph learning task ignores the heterophilous relationship of network entity identification (NEI) tasks in the graph structure and fails to effectively message from non-neighboring nodes. To address the limitations of the existing task, we propose a NEI model based on heterophilous graph learning (HpGraphNEI); HpGraphNEI converts heterophilous graphs under the NEI task into homophilous graphs and uses the graph learning mechanism to carry out attribute completion task for incomplete entity attributes. First, the acquired dataset is feature-extracted by network measurement, and the clustering algorithm is employed to divide the target nodes into communities. Second, the network topology graph is constructed to embed the node attribute information and neighborhood structure information into the graph in the form of feature vectors. Then, the global attention in the community is calculated according to the attention results, the edges with strong correlation in the network are filtered, the adjacency matrix is reconstructed, and then the updated node information is aggregated to complete the incomplete attribute completion. Fourth, the updated nodes are categorized to output network entity categories and construct network entity portraits based on the attribute completion nodes. We conducted a 2-month data collection in three real regions and successfully identified 6 types of network entities. Compared with the optimal baseline, all the metrics have significantly improved, with NEI accuracy above 93.74% and up to 96.28%, improved 2.27% to 2.69%.