The high volume of increasingly sophisticated cyber threats is drawing growing attention to cybersecurity, where many challenges remain unresolved. In particular, intrusion detection needs new algorithms that are more robust, more effective, and able to use more information. Moreover, the intrusion detection task faces a serious challenge in the extreme class imbalance between normal and malicious traffic. Recently, graph neural networks (GNNs) have achieved state-of-the-art performance in modeling network topology for cybersecurity tasks. However, only a few works use GNNs to tackle the intrusion detection problem, and other promising avenues, such as applying the attention mechanism, remain under-explored. This paper presents two novel graph-based solutions for intrusion detection, the modified E-GraphSAGE and E-ResGAT algorithms, which rely on the established GraphSAGE and graph attention network (GAT), respectively. The key idea is to integrate residual learning into the GNN, leveraging the available graph information. Residual connections are added as a strategy to deal with the high class imbalance, aiming to retain the original information and improve performance on the minority classes. An extensive experimental evaluation on four recent intrusion detection datasets shows the excellent performance of our approaches, especially when predicting minority classes.