AlertStar: Path-Aware Alert Prediction on Hyper-Relational Knowledge Graphs

Intrusion Detection Semantic Path Reasoning: Existing network intrusion detection approaches lack sufficient semantic depth for path reasoning over attacker-victim interactions.

Context Loss in Binary KGC: Standard binary knowledge graph completion triples discard contextual alert metadata needed for richer alert modeling.

Hyper-Relational Alert Prediction: The paper addresses predicting network alerts represented as hyper-relational knowledge graph statements with qualifiers.

Full Graph Propagation Overhead: Full knowledge graph propagation introduces overhead for hyper-relational alert prediction methods.

Multi-Condition Threat Reasoning: Threat reasoning requires answering complex multi-condition logical queries over alert knowledge graphs.

Hyper-Relational Alert KG Formulation: The approach models network alerts as a knowledge graph and formulates alert prediction as hyper-relational knowledge graph completion using qualified statements.

HR-NBFNet: HR-NBFNet extends Neural Bellman-Ford Networks to hyper-relational knowledge graphs with qualifier-aware multi-hop path reasoning.

MT-HR-NBFNet: MT-HR-NBFNet jointly predicts tail, relation, and qualifier-value in a single traversal pass.

AlertStar: AlertStar fuses qualifier context and structural path information in embedding space using cross-attention and learned path composition.

MT-AlertStar: MT-AlertStar is a multi-task extension of AlertStar designed to avoid full knowledge graph propagation overhead.

Superior Alert Prediction Metrics:

Efficient Local Qualifier Fusion:

Complex Query Answering Capability: