基于GATv2的网络入侵异常检测方法

doi:10.11871/jfdc.issn.2096-742X.2024.01.016

数据与计算发展前沿 ›› 2024, Vol. 6 ›› Issue (1): 179-190.

CSTR: 32002.14.jfdc.CN10-1649/TP.2024.01.016

doi: 10.11871/jfdc.issn.2096-742X.2024.01.016

• 技术与应用 • 上一篇

基于GATv2的网络入侵异常检测方法

郑海潇^1,²(),马梦帅^1,²,文斌^1,^2,^*(),曾昭武^1,²,刘文龙^1,²

1.数据科学与智慧教育教育部重点实验室（海南师范大学），海南海口 571158
2.海南师范大学，信息科学技术学院，海南海口 571158

收稿日期:2023-08-07 出版日期:2024-02-20 发布日期:2024-02-21
通讯作者: * 文斌（E-mail: binwen@hainnu.edu.cn）
作者简介:郑海潇，海南师范大学，硕士研究生，中国计算机学会会员，主要研究方向为网络空间安全、异常检测。
本文主要承担工作为实验设计、实验方法改进、分析和处理数据、论文撰写。Zheng Haixiao is a master’s student at the Hainan Normal University of China. His research interests include cyberspace security, and anomaly detection.
In this paper, he is responsible for experimental design, experimental method improvement, data analysis and processing, and paper writing.
E-mail: 1812998694@qq.com|文斌，工学博士、海南师范大学教授，云计算与大数据研究中心主任，数据科学与智慧教育教育部重点实验室责任教授，海南省人工智能学会区块链专委会主任，中国计算机学会软件工程专委会、服务计算专委会执行委员，已经出版学术专著5部、发表学术论文40余篇、授权发明专利2项，主要研究领域为网络异常行为检测、软件安全、大数据服务共享与交易。
本文中负责论文修改和指导相关工作。
WEN Bin, Ph.D., is an professor of Hainan Normal University, Director of Cloud Computing and Big data Research Center, Responsible Professor of Key Laboratory of Data Science and Smart Education, Ministry of Education, Director of Blockchain Special Committee of Hainan Artificial Intelligence Society, Executive Member of Software Engineering Special Committee and Service Computing Special Committee of China Computer Federation. He has published 5 academic monographs, over 40 academic papers, and 2 authorized invention patents. His research interests include Network abnormal behavior detection, software security, Big data service sharing and trading.
In this paper, he is responsible for revising and guiding related work in this article.
E-mail: binwen@hainnu.edu.cn
基金资助:
海南省自然科学基金(623RC485);国家自然科学基金(62362029)

Network Intrusion Anomaly Detection with GATv2

ZHENG Haixiao^1,²(),MA Mengshuai^1,²,WEN Bin^1,^2,^*(),ZENG Zhaowu^1,²,LIU Wenlong^1,²

1. Key Laboratory of Data Science and Smart Education of Ministry of Education (Hainan Normal University), Haikou, Hainan 571158, China
2. School of Information Science and Technology, Hainan Normal University, Haikou, Hainan 571158, China

Received:2023-08-07 Online:2024-02-20 Published:2024-02-21

摘要/Abstract

摘要：

【目的】随着网络环境日益复杂化，其所遭受的威胁也愈发严重。入侵检测作为网络安全主动防御的重要手段之一，需要提供更健壮、更有效的检测方法来应对这些挑战。【方法】图神经网络在异常检测方面表现优异。本文基于GATv2（一种改进的图神经网络方法）来构建网络入侵检测的图神经网络方法E-ResGATv2。具体来说，首先将网络流量数据构建成网络流量图，然后通过图形转换来将流量图转换成适合图神经网络处理的图形，以此检测入侵异常流量，并将残差学习集成到图神经网络聚合信息的过程中。【结果】在两个公开入侵检测数据集上的实验结果表明，E-ResGATv2方法的检测效果要好于原始图神经方法，并且具有更强的抗噪能力。【结论】在与机器学习方法取得相似检测效果的情况下，图神经网络方法表现出更强的抗干扰能力，这在复杂多变的网络环境中具有实际意义。

关键词: 入侵检测, 图神经网络, 异常检测

Abstract:

[Objective] As the network environment becomes increasingly complex, the threats it faces are also becoming increasingly serious. As one of the important means of Active Defense for network security, intrusion detection needs to provide more robust and effective detection methods to meet these challenges. [Methods] The graph neural network performs excellently in anomaly detection. This article is based on GATv2 (an improved graph neural network method) to construct the graph neural network method E-ResGATv2 for network intrusion detection. Specifically, we first construct network traffic data into a network traffic graph and then convert the graph into a graph suitable for graph neural network processing through graph transformation to detect intrusion anomaly traffic. We integrate residual learning into the process of graph neural network aggregation information. [Results] The experimental results on two publicly available intrusion detection datasets show that the E-ResGATv2 method has better detection performance than the original graph neural network method and stronger noise resistance. [Conclusions] When achieving similar detection results with machine learning methods, graph neural network methods exhibit stronger anti-interference ability, which is more practical in complex and ever-changing network environments.

Key words: intrusion detection, graph neural network, anomaly detection

郑海潇, 马梦帅, 文斌, 曾昭武, 刘文龙. 基于GATv2的网络入侵异常检测方法[J]. 数据与计算发展前沿, 2024, 6(1): 179-190.

ZHENG Haixiao, MA Mengshuai, WEN Bin, ZENG Zhaowu, LIU Wenlong. Network Intrusion Anomaly Detection with GATv2[J]. Frontiers of Data and Computing, 2024, 6(1): 179-190, https://cstr.cn/32002.14.jfdc.CN10-1649/TP.2024.01.016.

图/表 8

图1

图2

图3

表1

图4

图5

图6

图7

参考文献 17

[1]	MIGHAN S N, KAHANI M. A novel scalable intrusion detection system based on deep learning[J]. International Journal of Information Security, 2021, 20: 387-403. doi: 10.1007/s10207-020-00508-5
[2]	WANG Z, LIU Y, HE D, et al. Intrusion detection methods based on integrated deep learning model[J]. Computers & Security, 2021, 103: 102177. doi: 10.1016/j.cose.2021.102177
[3]	JIANG W. Graph-based deep learning for communication networks: A survey[J]. Computer Communications, 2022, 185: 40-54. doi: 10.1016/j.comcom.2021.12.015
[4]	LO W W, LAYEGHY S, SARHAN M, et al. E-graphsage: A graph neural network based intrusion detection system for iot[C]// NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium. IEEE, 2022: 1-9.
[5]	CAVILLE E, LO W W, LAYEGHY S, et al. Anomal-E: A self-supervised network intrusion detection system based on graph neural networks[J]. Knowledge-Based Systems, 2022, 258: 110030. doi: 10.1016/j.knosys.2022.110030
[6]	王振东, 徐振宇, 李大海, 等. 面向入侵检测的元图神经网络构建与分析[J/OL]. 自动化学报: 1-24[2023-04-01].
[7]	郭嘉琰, 李荣华, 张岩, 等. 基于图神经网络的动态网络异常检测算法[J]. 软件学报, 2020, 31(3):748-762.
[8]	HEI Y, YANG R, PENG H, et al. Hawk: Rapid android malware detection through heterogeneous graph attention networks[J]. IEEE Transactions on Neural Networks and Learning Systems, 2021.
[9]	LI Y, LI R, ZHOU Z, et al. GraphDDoS: Effective DDoS Attack Detection Using Graph Neural Networks[C]// 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD). IEEE, 2022: 1275-1280.
[10]	CHANG L, BRANCO P. Graph-based solutions with residuals for intrusion detection: The modified e-graphsage and e-resgat algorithms[J]. arXiv preprint arXiv:2111.13597, 2021.
[11]	PUJOL-PERICH D, SUAREZ-VARELA J, CABELLOS-APARICIO A, et al. Unveiling the potential of graph neural networks for robust intrusion detection[J]. ACM SIGMETRICS Performance Evaluation Review, 2022, 49(4): 111-117. doi: 10.1145/3543146.3543171
[12]	SCARSELLI F M. GORI M, TSOI A C, et al. The Graph Neural Network Model[J]. IEEE Transactions on Neural Networks, 2008, 20(1): 61-80. doi: 10.1109/TNN.2008.2005605
[13]	VELICKOVIC P, CUCURULL G, CASANOVA A, et al. Graph attention networks[J]. Stat, 2017, 1050: 20.
[14]	BRODY S, ALON U, YAHAV E. How attentive are graph attention networks?[J]. arXiv preprint arXiv:2105.14491, 2021.
[15]	MOUSTAFA N, SLAY J. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]// 2015 military communications and information systems conference (MilCIS). IEEE, 2015: 1-6.
[16]	MOUSTAFA N. A new distributed architecture for evaluating AI-based security systems at the edge: Network TON_IoT datasets[J]. Sustainable Cities and Society, 2021, 72: 102994. doi: 10.1016/j.scs.2021.102994
[17]	MASEER Z K, YUSOF R, BAHAMAN N, et al. Benchmarking of machine learning for anomaly based intrusion detection systems in the CICIDS2017 dataset[J]. IEEE ACCESS, 2021, 9: 22351-22370. doi: 10.1109/Access.6287639

基于GATv2的网络入侵异常检测方法

Network Intrusion Anomaly Detection with GATv2

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 17

相关文章 4

编辑推荐

Metrics

本文评价

[1]	杜冠瑶, 郭勇杰, 龙春, 赵静, 万巍. 网络异常检测领域概念漂移问题研究综述[J]. 数据与计算发展前沿, 2024, 6(1): 162-178.
[2]	孙永谦,张茹茹,林子涵,张圣林,谭智元,张玉志. KPI异常检测方法评估[J]. 数据与计算发展前沿, 2022, 4(3): 46-65.
[3]	肖建平,龙春,赵静,魏金侠,胡安磊,杜冠瑶. 基于深度学习的网络入侵检测研究综述[J]. 数据与计算发展前沿, 2021, 3(3): 59-74.
[4]	张圣林,林潇霏,孙永谦,张玉志,裴丹. 基于深度学习的无监督KPI异常检测[J]. 数据与计算发展前沿, 2020, 2(3): 87-100.