Method and apparatus for network intrusion detection using a latency-based temporal graph embedding

What is claimed is: 1 . A method for facilitating intrusion detection in a network having network nodes communicating messages to one another to support secure transactions, the method comprising: monitoring the network to determine, for one instance of the secure transactions, occurrences of the messages and associated timing information corresponding to said one instance; generating, based on said monitoring, an indication of a temporal graph having vertices representing actions of the network nodes and edges representing causal paths between the vertices, the causal paths including the messages, wherein: each one of a plurality of the causal paths is associated with a corresponding latency value and a corresponding ordinal value, the latency value indicative of an amount of time delay introduced at one of the network nodes in association with generating said one of the plurality of causal paths, the ordinal value indicative of a relative order, within a prescribed, ordered multi-step process, of said one of the plurality of causal paths; generating an embedding characterizing the temporal graph, the generating of the embedding comprising processing instances of the latency values together with instances of the ordinal values, including, for at least one of the plurality of causal paths, processing the corresponding latency value of said one of the plurality of causal paths together with the corresponding ordinal value of said one of the plurality of causal paths; forwarding the embedding for processing by a machine learning system; and performing, by the machine learning system, the intrusion detection based on the embedding, and generating an output indicating whether or not an intrusion is detected. 2 . The method of claim 1 , wherein the intrusion involves a reordering attack, the reordering attack being a latency-based attack involving one or more of the network nodes delaying transmission of one or more of the messages. 3 . The method of claim 1 , wherein the network implements a permissioned blockchain to carry out the secure transactions. 4 . The method of claim 3 , wherein the permissioned blockchain corresponds to Hyperledger™ fabric. 5 . The method of claim 1 , wherein the embedding comprises multiple values representable as a vector. 6 . The method of claim 1 , wherein, for each one of the plurality of causal paths, the corresponding latency value, the corresponding ordinal value, and said one of the causal paths together define a corresponding triple, and wherein generating the embedding comprises: determining a vector A formed of instances of the latency values which are statistical outliers relative to a vector S comprising all of the latency values; determining the vector S formed of all of the latency values; determining a vector O A formed of instances of the ordinal values, each n th entry in the vector O A being the corresponding ordinal value of the triple having its corresponding latency value as the n th entry in the vector A; and determining a vector O S formed of instances of the ordinal values, each n th entry in the vector O S being the corresponding ordinal value of the triple having its corresponding latency value as the n th entry in the vector S. 7 . The method of claim 6 , wherein generating the embedding comprises processing the vector A, the vector S, the vector O A and the vector O S using one or more operations to generate processed information. 8 . The method of claim 7 , wherein the processed information forms part or all of the embedding. 9 . The method of claim 7 , wherein generating the embedding comprises further processing of the processed information according to one or more statistical measures, wherein output of the further processing forms part or all of the embedding. 10 . The method of claim 7 , wherein the one or more operations comprise one or more of: computing a Hadamard product between the vector A and the vector O A ; computing a Hadamard product between the vector S and the vector O S ; computing a dot (inner) product between the vector A and the vector O A ; computing a dot (inner) product between the vector S and the vector O S ; and computing a statistical distance between: a statistical distribution representative of the vector A; and a reference statistical distribution indicative of the latency values in absence of the intrusion; and computing a statistical distance between: a statistical distribution representative of the vector S; and the reference statistical distribution. 11 . The method of claim 10 , wherein generating the embedding comprises further processing of the processed information according to one or more statistical measures, wherein output of the further processing forms part or all of the embedding, and wherein the further processing comprises generating the statistical measures for one or more of: the Hadamard product between the vector A and the vector O A ; and the Hadamard product between the vector S and the vector O S . 12 . The method of claim 10 , wherein the reference statistical distribution is based on a history of secure transactions executed in the network prior to said one instance of the secure transaction. 13 . The method of claim 10 , wherein the statistical distance is a Kullback-Leibler divergence, a Jensen-Shannon divergence or a Kolmogorov-Smirnov statistic. 14 . The method of claim 6 , wherein the determining the vector A is performed using an unsupervised isolation forest machine learning operation. 15 . A computing apparatus for facilitating intrusion detection in a network having network nodes communicating messages to one another to support secure transactions, the apparatus configured to: monitor the network to determine, for one instance of the secure transactions, occurrences of the messages and associated timing information corresponding to said one instance; generate, based on said monitoring, an indication of a temporal graph having vertices representing actions of the network nodes and edges representing causal paths between the vertices, the causal paths including the messages, wherein: each one of a plurality of the causal paths is associated with a corresponding latency value and a corresponding ordinal value, the latency value indicative of an amount of time delay introduced at one of the network nodes in association with generating said one of the plurality of causal paths, the ordinal value indicative of a relative order, within a prescribed, ordered multi-step process, of said one of the plurality of causal paths; generate an embedding characterizing the temporal graph, the generating of the embedding comprising processing instances of the latency values together with instances of the ordinal values, including, for at least one of the plurality of causal paths, processing the corresponding latency value of said one of the plurality of causal paths together with the corresponding ordinal value of said one of the plurality of causal paths; forward the embedding for processing by a machine learning system; and perform, by the machine learning system, the intrusion detection based on the embedding, and generate an output indicating whether or not an intrusion is detected. 16 . The apparatus of claim 15 , wherein, for each one of the causal paths, the corresponding latency value, the corresponding ordinal value and said one of the plurality of causal paths collectively define a corresponding triple, and wherein generating the embedding comprises: determining a vector A formed of instances of the latency values which