Investigation and rectification of NIDS datasets and standardized
feature set derivation for network attack detection with graph neural
networks
- URL: http://arxiv.org/abs/2212.13994v1
- Date: Mon, 26 Dec 2022 07:42:25 GMT
- Title: Investigation and rectification of NIDS datasets and standardized
feature set derivation for network attack detection with graph neural
networks
- Authors: Anton Raskovalov, Nikita Gabdullin and Vasily Dolmatov
- Abstract summary: Graph Neural Networks (GNNs) provide an opportunity to analyze network topology along with flow features.
In this paper we inspect different versions of the ToN-IoT dataset and point out inconsistencies in some versions.
We propose a new standardized and compact set of flow features which are derived solely from NetFlowv5-compatible data.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Network Intrusion and Detection Systems (NIDS) are essential for malicious
traffic and cyberattack detection in modern networks. Artificial
intelligence-based NIDS are powerful tools that can learn complex data
correlations for accurate attack prediction. Graph Neural Networks (GNNs)
provide an opportunity to analyze network topology along with flow features
which makes them particularly suitable for NIDS applications. However,
successful application of such a tool requires large amounts of carefully
collected and labeled data for training and testing. In this paper we inspect
different versions of the ToN-IoT dataset and point out inconsistencies in some
versions. We filter the full version of ToN-IoT and present a new version
labeled ToN-IoT-R. To ensure generalization we propose a new standardized and
compact set of flow features which are derived solely from NetFlowv5-compatible
data. We separate numeric data and flags into different categories and propose
a new dataset-agnostic normalization approach for numeric features. This allows
us to preserve the meaning of flow flags and we propose to conduct targeted
analysis based on, for instance, network protocols. For flow classification we
use the E-GraphSage algorithm with a modified node initialization technique that
allows us to add node degree to node features. We achieve high classification
accuracy on ToN-IoT-R and compare it with previously published results for
ToN-IoT, NF-ToN-IoT, and NF-ToN-IoT-v2. We highlight the importance of careful
data collection and labeling and appropriate data preprocessing choice and
conclude that the proposed set of features is more applicable for real NIDS due
to being less demanding to traffic monitoring equipment while preserving high
flow classification accuracy.
Related papers
- NIDS Neural Networks Using Sliding Time Window Data Processing with Trainable Activations and its Generalization Capability [0.0]
This paper presents neural networks for network intrusion detection systems (NIDS) that operate on flow data preprocessed with a time window.
It requires only eleven features which do not rely on deep packet inspection and can be found in most NIDS datasets and easily obtained from conventional flow collectors.
The reported training accuracy exceeds 99% for the proposed method with as little as twenty neural network input features.
arXiv Detail & Related papers (2024-10-24T11:36:19Z)
- Provable Robustness of (Graph) Neural Networks Against Data Poisoning and Backdoor Attacks [50.87615167799367]
We certify Graph Neural Networks (GNNs) against poisoning attacks, including backdoors, targeting the node features of a given graph.
Our framework provides fundamental insights into the role of graph structure and its connectivity on the worst-case behavior of convolution-based and PageRank-based GNNs.
arXiv Detail & Related papers (2024-07-15T16:12:51Z)
- Applying Self-supervised Learning to Network Intrusion Detection for Network Flows with Graph Neural Network [8.318363497010969]
This paper studies the application of GNNs to identify the specific types of network flows in an unsupervised manner.
To the best of our knowledge, it is the first GNN-based self-supervised method for the multiclass classification of network flows in NIDS.
arXiv Detail & Related papers (2024-03-03T12:34:13Z)
- Energy-based Out-of-Distribution Detection for Graph Neural Networks [76.0242218180483]
We propose a simple, powerful and efficient OOD detection model for GNN-based learning on graphs, which we call GNNSafe.
GNNSafe achieves up to 17.0% AUROC improvement over state-of-the-arts and it could serve as simple yet strong baselines in such an under-developed area.
arXiv Detail & Related papers (2023-02-06T16:38:43Z)
- Anomal-E: A Self-Supervised Network Intrusion Detection System based on Graph Neural Networks [0.0]
This paper investigates Graph Neural Networks (GNNs) application for self-supervised network intrusion and anomaly detection.
GNNs are a deep learning approach for graph-based data that incorporate graph structures into learning.
We present Anomal-E, a GNN approach to intrusion and anomaly detection that leverages edge features and graph topological structure in a self-supervised process.
arXiv Detail & Related papers (2022-07-14T10:59:39Z)
- Feature Analysis for ML-based IIoT Intrusion Detection [0.0]
Powerful Machine Learning models have been adopted to implement Network Intrusion Detection Systems (NIDSs).
It is important to select the right set of data features, which maximise the detection accuracy as well as computational efficiency.
This paper provides an extensive analysis of the optimal feature sets in terms of the importance and predictive power of network attacks.
arXiv Detail & Related papers (2021-08-29T02:19:37Z)
- E-GraphSAGE: A Graph Neural Network based Intrusion Detection System [3.3598755777055374]
This paper presents a new network intrusion detection system (NIDS) based on Graph Neural Networks (GNNs).
GNNs are a relatively new sub-field of deep neural networks, which have the unique ability to leverage the inherent structure of graph-based data.
An experimental evaluation based on six recent NIDS benchmark datasets shows the excellent performance of our E-GraphSAGE based NIDS.
arXiv Detail & Related papers (2021-03-30T13:21:31Z)
- Modeling from Features: a Mean-field Framework for Over-parameterized Deep Neural Networks [54.27962244835622]
This paper proposes a new mean-field framework for over-parameterized deep neural networks (DNNs).
In this framework, a DNN is represented by probability measures and functions over its features in the continuous limit.
We illustrate the framework via the standard DNN and the Residual Network (Res-Net) architectures.
arXiv Detail & Related papers (2020-07-03T01:37:16Z)
- Policy-GNN: Aggregation Optimization for Graph Neural Networks [60.50932472042379]
Graph neural networks (GNNs) aim to model the local graph structures and capture the hierarchical patterns by aggregating the information from neighbors.
It is a challenging task to develop an effective aggregation strategy for each node, given complex graphs and sparse features.
We propose Policy-GNN, a meta-policy framework that models the sampling procedure and message passing of GNNs into a combined learning process.
arXiv Detail & Related papers (2020-06-26T17:03:06Z)
- Contextual-Bandit Anomaly Detection for IoT Data in Distributed Hierarchical Edge Computing [65.78881372074983]
IoT devices can hardly afford complex deep neural networks (DNN) models, and offloading anomaly detection tasks to the cloud incurs long delay.
We propose and build a demo for an adaptive anomaly detection approach for distributed hierarchical edge computing (HEC) systems.
We show that our proposed approach significantly reduces detection delay without sacrificing accuracy, as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-04-15T06:13:33Z)
- Adaptive Anomaly Detection for IoT Data in Hierarchical Edge Computing [71.86955275376604]
We propose an adaptive anomaly detection approach for hierarchical edge computing (HEC) systems to solve this problem.
We design an adaptive scheme to select one of the models based on the contextual information extracted from input data, to perform anomaly detection.
We evaluate our proposed approach using a real IoT dataset, and demonstrate that it reduces detection delay by 84% while maintaining almost the same accuracy as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-01-10T05:29:17Z)