Network Intrusion Anomaly Detection with GATv2

doi:10.11871/jfdc.issn.2096-742X.2024.01.016

Abstract

Abstract:

[Objective] As the network environment becomes increasingly complex, the threats it faces are also becoming increasingly serious. As one of the important means of Active Defense for network security, intrusion detection needs to provide more robust and effective detection methods to meet these challenges. [Methods] The graph neural network performs excellently in anomaly detection. This article is based on GATv2 (an improved graph neural network method) to construct the graph neural network method E-ResGATv2 for network intrusion detection. Specifically, we first construct network traffic data into a network traffic graph and then convert the graph into a graph suitable for graph neural network processing through graph transformation to detect intrusion anomaly traffic. We integrate residual learning into the process of graph neural network aggregation information. [Results] The experimental results on two publicly available intrusion detection datasets show that the E-ResGATv2 method has better detection performance than the original graph neural network method and stronger noise resistance. [Conclusions] When achieving similar detection results with machine learning methods, graph neural network methods exhibit stronger anti-interference ability, which is more practical in complex and ever-changing network environments.

Key words: intrusion detection, graph neural network, anomaly detection

ZHENG Haixiao, MA Mengshuai, WEN Bin, ZENG Zhaowu, LIU Wenlong. Network Intrusion Anomaly Detection with GATv2[J]. Frontiers of Data and Computing, 2024, 6(1): 179-190, https://cstr.cn/32002.14.jfdc.CN10-1649/TP.2024.01.016.

Figures/Tables 8

Fig.1

Fig.2

Fig.3

Table 1

Fig.4

Fig.5

Fig.6

Fig.7

References 17

[1]	MIGHAN S N, KAHANI M. A novel scalable intrusion detection system based on deep learning[J]. International Journal of Information Security, 2021, 20: 387-403. doi: 10.1007/s10207-020-00508-5
[2]	WANG Z, LIU Y, HE D, et al. Intrusion detection methods based on integrated deep learning model[J]. Computers & Security, 2021, 103: 102177. doi: 10.1016/j.cose.2021.102177
[3]	JIANG W. Graph-based deep learning for communication networks: A survey[J]. Computer Communications, 2022, 185: 40-54. doi: 10.1016/j.comcom.2021.12.015
[4]	LO W W, LAYEGHY S, SARHAN M, et al. E-graphsage: A graph neural network based intrusion detection system for iot[C]// NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium. IEEE, 2022: 1-9.
[5]	CAVILLE E, LO W W, LAYEGHY S, et al. Anomal-E: A self-supervised network intrusion detection system based on graph neural networks[J]. Knowledge-Based Systems, 2022, 258: 110030. doi: 10.1016/j.knosys.2022.110030
[6]	王振东, 徐振宇, 李大海, 等. 面向入侵检测的元图神经网络构建与分析[J/OL]. 自动化学报: 1-24[2023-04-01].
[7]	郭嘉琰, 李荣华, 张岩, 等. 基于图神经网络的动态网络异常检测算法[J]. 软件学报, 2020, 31(3):748-762.
[8]	HEI Y, YANG R, PENG H, et al. Hawk: Rapid android malware detection through heterogeneous graph attention networks[J]. IEEE Transactions on Neural Networks and Learning Systems, 2021.
[9]	LI Y, LI R, ZHOU Z, et al. GraphDDoS: Effective DDoS Attack Detection Using Graph Neural Networks[C]// 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD). IEEE, 2022: 1275-1280.
[10]	CHANG L, BRANCO P. Graph-based solutions with residuals for intrusion detection: The modified e-graphsage and e-resgat algorithms[J]. arXiv preprint arXiv:2111.13597, 2021.
[11]	PUJOL-PERICH D, SUAREZ-VARELA J, CABELLOS-APARICIO A, et al. Unveiling the potential of graph neural networks for robust intrusion detection[J]. ACM SIGMETRICS Performance Evaluation Review, 2022, 49(4): 111-117. doi: 10.1145/3543146.3543171
[12]	SCARSELLI F M. GORI M, TSOI A C, et al. The Graph Neural Network Model[J]. IEEE Transactions on Neural Networks, 2008, 20(1): 61-80. doi: 10.1109/TNN.2008.2005605
[13]	VELICKOVIC P, CUCURULL G, CASANOVA A, et al. Graph attention networks[J]. Stat, 2017, 1050: 20.
[14]	BRODY S, ALON U, YAHAV E. How attentive are graph attention networks?[J]. arXiv preprint arXiv:2105.14491, 2021.
[15]	MOUSTAFA N, SLAY J. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]// 2015 military communications and information systems conference (MilCIS). IEEE, 2015: 1-6.
[16]	MOUSTAFA N. A new distributed architecture for evaluating AI-based security systems at the edge: Network TON_IoT datasets[J]. Sustainable Cities and Society, 2021, 72: 102994. doi: 10.1016/j.scs.2021.102994
[17]	MASEER Z K, YUSOF R, BAHAMAN N, et al. Benchmarking of machine learning for anomaly based intrusion detection systems in the CICIDS2017 dataset[J]. IEEE ACCESS, 2021, 9: 22351-22370. doi: 10.1109/Access.6287639