DOI: 10.1145/3584714.3584715
research-article

Anomaly detection of traffic session based on graph neural network

Published: 07 September 2023

Abstract

In recent years, as network technology has developed, new methods of network security threats have emerged endlessly. Most existing network anomaly detection research cannot meet the requirements of network security detection. Traditional network anomaly detection methods based on static rule matching and machine learning do not perform well in complex and dynamic network environments, and they depend heavily on statistical features designed by experts in the specific domain. This paper proposes a traffic session anomaly detection method based on a graph neural network, called TSGNN. It extracts protocol features from the original packet capture (PCAP) file to form the session representation, uses a gated recurrent unit (GRU) to extract the internal characteristics of the traffic data protocol fields, constructs a directed graph from the structural relationships among the session's packets, uses the graph neural network model to learn association features between graph nodes, and finally feeds the graph representation feature vector into a fully connected network layer for classification. The experimental results show that our method is superior to existing research on the evaluation indicators on the CSE-CIC-IDS2018 dataset.


Published In

CSW '22: Proceedings of the 2022 International Conference on Cyber Security
December 2022
77 pages
ISBN: 9798400700132
DOI: 10.1145/3584714

Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery
New York, NY, United States


Qualifiers

• Research-article
• Research
• Refereed limited

Conference

CSW 2022
