This paper presents a new Network Intrusion Detection System (NIDS) based on Graph Neural Networks (GNNs). GNNs are a relatively new sub-field of deep neural networks, which can leverage the inherent structure of graph-based data. Training and evaluation data for NIDSs are typically represented as flow records, which can naturally be represented in a graph format. In this paper, we propose E-GraphSAGE, a GNN approach that allows capturing both the edge features of a graph as well as the topological information for network intrusion detection in IoT networks. To the best of our knowledge, our proposal is the first successful, practical, and extensively evaluated approach of applying GNNs on the problem of network intrusion detection for IoT using flow-based data. Our extensive experimental evaluation on four recent NIDS benchmark datasets shows that our approach outperforms the state-of-the-art in terms of key classification metrics, which demonstrates the potential of GNNs in network intrusion detection, and provides motivation for further research.
翻译:本文介绍了基于图形神经网络的新的网络入侵探测系统(NIDS)。GNS是深神经网络中一个相对较新的子领域,能够利用基于图形的数据的固有结构。NIDS的培训和评估数据通常以流程记录形式表示,可以自然地以图表格式表示。在本文中,我们建议采用E-GraphSAGE(GNN)方法,既可以捕捉一个图形的边缘特征,也可以捕捉用于在IOT网络中探测网络入侵的地形信息。据我们所知,我们的建议是第一个成功、实用和广泛评价的方法,利用流动数据应用GNNS对互联网的网络入侵探测问题加以应用。我们对最近四个NIDS基准数据集的广泛实验评估表明,我们的方法在关键分类指标方面超过了最新水平,这显示了GNS在网络入侵探测中的潜力,并为进一步研究提供了动力。