Hacker group identification based on dynamic heterogeneous graph node update

This paper addresses the critical task of hacker identification within the cyber traceability system. While the latest hacker group identification method based on the heterogeneous graph attention network (HGHAN) holds promise in discovering hacker groups, its potential is hindered by the underutilization of node information and poor training efficiency. Particularly, attribute information dilution during node feature extraction and lengthy training for node embedding vector reassignment when new nodes are added have been observed. To rectify these shortcomings, the paper presents an improved model for hacker group identification. This novel approach leverages dynamic heterogeneous graph node updating to significantly boost efficiency without compromising the original model’s classification accuracy. The key aspects of the method involve pre-learning for node attribute training vectors, LSTM (Long Short-Term Memory) and attention mechanisms for node feature vector refinement, and introducing a sparse matrix and dynamic node update scheme. The experimental results demonstrate marked improvements in training efficiency and graph update processes while maintaining classification accuracy. This advancement signifies the improved HGHAN model’s capacity to adeptly navigate real-world network dynamics, assisting researchers in pinpointing malicious attackers amid cyber incidents.