This paper presents a new Network Intrusion Detection System (NIDS) based on Graph Neural Networks (GNNs). GNNs are a relatively new sub-field of deep neural networks, which can leverage the inherent structure of graph-based data. Training and evaluation data for NIDSs are typically represented as flow records, which can naturally be represented in a graph format. This establishes the potential and motivation for exploring GNNs for network intrusion detection, which is the focus of this paper. Current studies on machine learning-based NIDSs only consider the network flows independently rather than taking their interconnected patterns into consideration. This is the key limitation in the detection of sophisticated IoT network attacks such as DDoS and distributed port scan attacks launched by IoT devices. In this paper, we propose \mbox{E-GraphSAGE}, a GNN approach that overcomes this limitation and allows capturing both the edge features of a graph as well as the topological information for network anomaly detection in IoT networks. To the best of our knowledge, our approach is the first successful, practical, and extensively evaluated approach of applying Graph Neural Networks on the problem of network intrusion detection for IoT using flow-based data. Our extensive experimental evaluation on four recent NIDS benchmark datasets shows that our approach outperforms the state-of-the-art in terms of key classification metrics, which demonstrates the potential of GNNs in network intrusion detection, and provides motivation for further research.
翻译:本文介绍了一个新的基于图形神经网络的网络入侵探测系统(NIDS)。 GNNS是深神经网络中一个相对较新的子领域,它可以利用基于图形的数据的固有结构。NIDS的训练和评价数据通常以流程记录形式表示,可以自然地以图表格式表示。这为探索基于图形神经网络的网络入侵探测系统提供了一种新的网络入侵探测系统(这是本文的重点)。目前关于基于机器学习的NIDS的研究只考虑网络的独立流动,而不是考虑其相互关联的模式。这是探测先进的IOT网络袭击(如DDoS)和由IOT装置发射的分布式港口扫描攻击的关键限制。在这个文件中,我们提议了\mbox{E-GraphSAG},这是一个GNNN方法,克服了这一限制,并能够捕捉到一个图形的边缘特征以及用于在IOT网络中检测网络失常情况的表情信息。我们的知识的最佳方法是,在应用GNEO-NBER网络的深度研究动力性研究方法方面第一次成功、实际和广泛评估了使用GNIS-Stal网络的大规模数据库测试方法。
相关内容
微信扫码咨询专知VIP会员