Frontiers of Data and Computing, 2024, Vol. 6, Issue (1): 179-190.

CSTR: 32002.14.jfdc.CN10-1649/TP.2024.01.016

doi: 10.11871/jfdc.issn.2096-742X.2024.01.016

• Technology and Applications •

Network Intrusion Anomaly Detection with GATv2

ZHENG Haixiao1,2, MA Mengshuai1,2, WEN Bin1,2,*, ZENG Zhaowu1,2, LIU Wenlong1,2

  1. Key Laboratory of Data Science and Smart Education of Ministry of Education (Hainan Normal University), Haikou, Hainan 571158, China
  2. School of Information Science and Technology, Hainan Normal University, Haikou, Hainan 571158, China
  • Received: 2023-08-07 Online: 2024-02-20 Published: 2024-02-21
  • Corresponding author: * WEN Bin (E-mail: binwen@hainnu.edu.cn)
  • About the authors:
    ZHENG Haixiao is a master's student at Hainan Normal University and a member of the China Computer Federation. His research interests include cyberspace security and anomaly detection.
    In this paper, he is responsible for experimental design, experimental method improvement, data analysis and processing, and paper writing.
    E-mail: 1812998694@qq.com
    WEN Bin, Ph.D., is a professor at Hainan Normal University, Director of the Cloud Computing and Big Data Research Center, Responsible Professor of the Key Laboratory of Data Science and Smart Education, Ministry of Education, Director of the Blockchain Special Committee of the Hainan Artificial Intelligence Society, and Executive Member of the Software Engineering Special Committee and the Service Computing Special Committee of the China Computer Federation. He has published 5 academic monographs and over 40 academic papers, and holds 2 authorized invention patents. His research interests include network abnormal behavior detection, software security, and big data service sharing and trading.
    In this paper, he is responsible for revising the paper and guiding related work.
    E-mail: binwen@hainnu.edu.cn
  • Funding:
    Hainan Provincial Natural Science Foundation (623RC485); National Natural Science Foundation of China (62362029)

Abstract:

[Objective] As network environments grow more complex, the threats they face are becoming more serious. Intrusion detection, one of the important means of active defense in network security, needs more robust and effective detection methods to meet these challenges. [Methods] Graph neural networks perform excellently in anomaly detection. This paper builds E-ResGATv2, a graph neural network method for network intrusion detection, on GATv2 (an improved graph neural network method). Specifically, network traffic data is first constructed into a network traffic graph, which is then converted by graph transformation into a graph suitable for graph neural network processing, in order to detect anomalous intrusion traffic. Residual learning is integrated into the information-aggregation process of the graph neural network. [Results] Experimental results on two publicly available intrusion detection datasets show that E-ResGATv2 achieves better detection performance than the original graph neural network method and has stronger noise resistance. [Conclusions] While achieving detection results similar to those of machine learning methods, graph neural network methods exhibit stronger resistance to interference, which is of practical value in complex and ever-changing network environments.

Key words: intrusion detection, graph neural network, anomaly detection