Abstract
In the wake of the generalised spread of machine learning approaches, attackers are actively considering those approaches to avoid being detected. Classification models for attack detection are primarily built on feature-driven algorithms. Thus, primary features, which are the individual dimensions of the original data attributes in the input space, are a prime target for compromising an AI-driven model. Additionally, adversarial examples have shown that an attacker does not need knowledge of the detection criteria to compromise a detection model, even in the case of a black-box model. Changes in attack behaviour alter the features of attack datapoints and cause detection performance to drop. Thus, robust features must be engineered to prevent models from being compromised in this manner. Graph-based feature engineering has recently shown promising results for robust threat detection. We offer an overview of methods for graph-based feature extraction and explain why they are relevant to robust feature engineering for threat detection purposes. We detail the properties we think a feature space needs in order to be sustainable and efficient for prolonged use in security operations centres. Specifically, we provide key criteria for the robustness of a feature space for attack detection. Finally, we summarize the characteristics of time-robust feature selection and identify current limitations specific to the distinctive class of graph-based approaches when used for threat detection in large internet networks.