research-article

HRNN: Hypergraph Recurrent Neural Network for Network Intrusion Detection

Published: 17 May 2024

Abstract

In intrusion detection systems, deep learning has demonstrated its capability to effectively mine flow representations, significantly enhancing the ability to detect anomalies. However, current approaches still suffer from limitations in flow feature extraction, may require fine-tuning on different forms of data, and may even be nontransferable. Accurately and efficiently handling multiple forms of flow remains a challenge. In this work, we propose the Hypergraph Recurrent Neural Network (HRNN), a novel intrusion detection method that leverages the higher-order structure of hypergraphs together with a recurrent network. We construct flow data as hypergraph structures, which allow for richer information representation and implicitly incorporate more similar information in the model. The recurrent module extracts temporal features of the flow. Our design effectively fuses representations imbued with rich spatial and temporal semantics. Evaluations on several publicly available datasets show that HRNN outperforms other state-of-the-art methods.

Cited By

  • (2024) A Multi-Scale Feature Extraction Method Based on Improved Transformer for Intrusion Detection. International Journal of Information Security and Privacy 18:1 (1-20). DOI: 10.4018/IJISP.356893. Online publication date: 7-Nov-2024

Published In

Journal of Grid Computing, Volume 22, Issue 2
Jun 2024
273 pages

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 17 May 2024
Accepted: 16 April 2024
Received: 19 April 2023

Author Tags

  1. Intrusion detection
  2. Hypergraph neural network
  3. Recurrent network
  4. Deep learning

Qualifiers

  • Research-article

Funding Sources

  • Project of the Ministry of Education on the Cooperation of Production and Education
  • Future Network Scientific Research Fund Project
  • National Natural Science Foundation of China
  • National Science Foundation of Jiangsu Higher Education Institutions of China
