DOI: 10.1145/3630049.3630175
research-article
Open access

Exploring Temporal GNN Embeddings for Darknet Traffic Analysis

Published: 05 December 2023

Abstract

Network Traffic Analysis (NTA) serves as a foundational tool for characterizing network entities and uncovering suspicious traffic patterns, thereby enhancing our understanding of network operations and security. As successfully done in other domains, due to the scarcity of labelled data, Deep Learning (DL)-based solutions for NTA have started adopting a 2-stage approach: (i) a self-supervised upstream task generates compact and information-rich representations (embeddings) of network data without the need for a ground truth; (ii) the embeddings serve as input to specialized models for downstream tasks (supervised or unsupervised), e.g. traffic classification or anomaly detection. Since graphs are intuitive representations of network traffic, in this work, we explore the potential of temporal Graph Neural Networks (tGNNs) in generating intermediate embeddings in a self-supervised fashion. We assess the quality of such embeddings by solving a host classification problem in a darknet traffic scenario. We evaluate static and temporal GNNs over a month-long period of traffic traces. We find that the inclusion of node features and temporal aspects in the model, together with an incremental training approach, allows for an accurate description of host activity dynamics and enables the creation of 2-stage NTA pipelines.

Cited By

  • (2024) Dynamic Cluster Analysis to Detect and Track Novelty in Network Telescopes. 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 287-296. DOI: 10.1109/EuroSPW61312.2024.00037. Online publication date: 8-Jul-2024
  • (2024) Explainable Stacking Models based on Complementary Traffic Embeddings. 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 261-272. DOI: 10.1109/EuroSPW61312.2024.00035. Online publication date: 8-Jul-2024

      Published In
      GNNet '23: Proceedings of the 2nd on Graph Neural Networking Workshop 2023
      December 2023
      49 pages
      ISBN:9798400704482
      DOI:10.1145/3630049
      This work is licensed under a Creative Commons Attribution International 4.0 License.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. artificial intelligence
      2. cybersecurity
      3. darknets
      4. embeddings
      5. graph neural networks
      6. network monitoring

      Conference

      CoNEXT 2023