This paper presents a new network intrusion detection system (NIDS) based on Graph Neural Networks (GNNs). GNNs are a relatively new sub-field of deep neural networks, which have the unique ability to leverage the inherent structure of graph-based data. Training and evaluation data for NIDSs are typically represented as flow records, which can naturally be represented in a graph format. This establishes the potential and motivation for exploring GNNs for the purpose of network intrusion detection, which is the focus of this paper. E-GraphSAGE, our proposed new approach is based on the established GraphSAGE model, but provides the necessary modifications in order to support edge features for edge classification, and hence the classification of network flows into benign and attack classes. An extensive experimental evaluation based on six recent NIDS benchmark datasets shows the excellent performance of our E-GraphSAGE based NIDS in comparison with the state-of-the-art.
翻译:本文件介绍了基于图形神经网络的新的网络入侵探测系统(NIDS)。GNS是深神经网络中较新的一个子领域,具有独特的能力来利用基于图形的数据的固有结构。NIDS的培训和评估数据通常以流程记录形式表示,可以自然地以图表格式表示。这确定了为网络入侵探测目的探索GNS的潜力和动机,这是本文的重点。E-GraphSAGE,我们提议的新方法以既定的GreaphSAGE模型为基础,但提供了必要的修改,以支持边缘分类的边缘特征,从而支持网络流向良性和攻击类的分类。根据最近6个NIDS基准数据集进行的广泛实验评估表明,我们基于网络入侵探测的E-GASAGE与最新技术相比表现良好。