Graph-Neuro Security for ERP B2B Rails: Anomaly Defense for Critical Supply Chains
DOI:
https://doi.org/10.63282/3050-9262.IJAIDSML-V2I1P110Keywords:
Graph Neural Networks, ERP Security, Supply Chain Resilience, LLM Log Parsing, Zero-Copy Inspection, Federated Learning, Explainable AI, Data SovereigntyAbstract
With increasing integration of Enterprise Resource Planning (ERP) systems across Business-to-Business (B2B) networks and critical supply-chains, they have also become attractive high-value targets for cyber-attacks such as data breaches, fraud, and insider manipulation. As a result, traditional rule-based Intrusion Detection Systems (IDS) are challenged by the relational and event-driven nature of ERP workflow processes. In this paper we introduce a hybrid framework called Graph-Neuro Security (GNS), which utilizes both Graph Neural Networks (GNNs) and Long-Short Term Memory (LLM)-driven log analytics to identify multi-entity anomalies in ERP data flow. GNS is capable of conducting zero-copy and privacy preserving analysis on ERP data flow between distributed ERP systems, thereby meeting all regulatory compliance requirements associated with SOX, GDPR, and FedRAMP. We evaluated GNS using the ERP-BENCH dataset which consists of over 20,000 synthetic and real-world ERP transaction examples based on MITRE ATT&CK patterns. Our results demonstrated that GNS achieved a 94% F1 score and 4.1 second average detection latency, significantly outperforming the baseline performance of traditional IDS approaches. Therefore our research demonstrates the feasibility of implementing regulation compliant federated anomaly detection in mission-critical ERP systems. Finally, we conclude that an open benchmark and a multi-industry consortium should be formed to standardize graph-based anomaly detection for ERP supply-chain security.
References
[1] Scarselli, F., Gori, M., Tsoi, A. C., Hagenbuchner, M., & Monfardini, G. (2009). The graph neural network model. IEEE Transactions on Neural Networks, 20(1), 61–80.
[2] Graph-based anomaly detection and description: A survey. Data Mining and Knowledge Discovery, 29(3), 626–688. https://doi.org/10.1007/s10618-014-0365-y
[3] Harshaw, C. R., Bridges, R. A., Iannacone, M. D., Reed, J. W., & Goodall, J. R. (2016).
[4] GraphPrints: Towards a graph analytic method for network anomaly detection. IEEE Conference on Cybersecurity Development (SecDev).
[5] He, P., Zhu, J., He, S., Li, J., & Lyu, M. R. (2017). An evaluation study on log parsing and its use in log mining. 2017 IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 654–661. https://doi.org/10.1109/DSN.2017.65
[6] Truex, S., Baracaldo, N., Anwar, A., Steinke, T., Ludwig, H., Zhang, R., & Zhou, Y. (2019).
[7] A hybrid approach to privacy-preserving federated learning. Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security, 1–11.
[8] Mothukuri, V., Parizi, R. M., Pouriyeh, S., Huang, Y., Dehghantanha, A., & Srivastava, G. (2021). A survey on security and privacy of federated learning. Future Generation Computer Systems, 115, 619–640. https://doi.org/10.1016/j.future.2020.10.007
[9] Boyens, J. M., Paulsen, C., Bartol, N., Winkler, K., & Gimbi, J. (2020).
[10] Case studies in cyber supply chain risk management: Summary of findings and recommendations. National Institute of Standards and Technology (NIST). https://doi.org/10.6028/NIST.IR.8286
[11] Kieras, T., Farooq, M. J., & Zhu, Q. (2019). RIoTS: Risk analysis of IoT supply chain threats. arXiv preprint arXiv:1911.12862.
[12] Wachter, S., Mittelstadt, B., & Russell, C. (2018). Counterfactual explanations without opening the black box: Automated decisions and the GDPR. Harvard Journal of Law & Technology, 31(2), 841–887.
[13] Phillips, P. J., Hahn, C. A., Fontana, P. C., Broniatowski, D. A., & Przybocki, M. A. (2020). Four principles of explainable artificial intelligence (draft). National Institute of Standards and Technology (NIST). https://doi.org/10.6028/NIST.IR.8312-draft
