BS-GAT Behavior Similarity Based Graph Attention Network for Network
Intrusion Detection
- URL: http://arxiv.org/abs/2304.07226v1
- Date: Fri, 7 Apr 2023 09:42:07 GMT
- Title: BS-GAT Behavior Similarity Based Graph Attention Network for Network
Intrusion Detection
- Authors: Yalu Wang, Zhijie Han, Jie Li, Xin He
- Abstract summary: This paper proposes a graph neural network algorithm based on behavior similarity (BS-GAT) using graph attention network.
The results show that the proposed method is effective and has superior performance comparing to existing solutions.
- Score: 20.287285893803244
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: With the development of the Internet of Things (IoT), network intrusion
detection is becoming more complex and extensive. It is essential to
investigate an intelligent, automated, and robust network intrusion detection
method. Graph neural networks based network intrusion detection methods have
been proposed. However, it still needs further studies because the graph
construction method of the existing methods does not fully adapt to the
characteristics of the practical network intrusion datasets. To address the
above issue, this paper proposes a graph neural network algorithm based on
behavior similarity (BS-GAT) using graph attention network. First, a novel
graph construction method is developed using the behavior similarity by
analyzing the characteristics of the practical datasets. The data flows are
treated as nodes in the graph, and the behavior rules of nodes are used as
edges in the graph, constructing a graph with a relatively uniform number of
neighbors for each node. Then, the edge behavior relationship weights are
incorporated into the graph attention network to utilize the relationship
between data flows and the structure information of the graph, which is used to
improve the performance of the network intrusion detection. Finally,
experiments are conducted based on the latest datasets to evaluate the
performance of the proposed behavior similarity based graph attention network
for the network intrusion detection. The results show that the proposed method
is effective and has superior performance comparing to existing solutions.
Related papers
- Multitask Active Learning for Graph Anomaly Detection [48.690169078479116]
We propose a novel MultItask acTIve Graph Anomaly deTEction framework, namely MITIGATE.
By coupling node classification tasks, MITIGATE obtains the capability to detect out-of-distribution nodes without known anomalies.
Empirical studies on four datasets demonstrate that MITIGATE significantly outperforms the state-of-the-art methods for anomaly detection.
arXiv Detail & Related papers (2024-01-24T03:43:45Z) - GNN-LoFI: a Novel Graph Neural Network through Localized Feature-based
Histogram Intersection [51.608147732998994]
Graph neural networks are increasingly becoming the framework of choice for graph-based machine learning.
We propose a new graph neural network architecture that substitutes classical message passing with an analysis of the local distribution of node features.
arXiv Detail & Related papers (2024-01-17T13:04:23Z) - Network Intrusion Detection with Edge-Directed Graph Multi-Head Attention Networks [13.446986347747325]
This paper proposes novel Edge-Directed Graph Multi-Head Attention Networks (EDGMAT) for network intrusion detection.
The proposed EDGMAT model introduces a multi-head attention mechanism into the intrusion detection model. Additional weight learning is realized through the combination of a multi-head attention mechanism and edge features.
arXiv Detail & Related papers (2023-10-26T12:30:11Z) - BOURNE: Bootstrapped Self-supervised Learning Framework for Unified
Graph Anomaly Detection [50.26074811655596]
We propose a novel unified graph anomaly detection framework based on bootstrapped self-supervised learning (named BOURNE)
By swapping the context embeddings between nodes and edges, we enable the mutual detection of node and edge anomalies.
BOURNE can eliminate the need for negative sampling, thereby enhancing its efficiency in handling large graphs.
arXiv Detail & Related papers (2023-07-28T00:44:57Z) - Anomal-E: A Self-Supervised Network Intrusion Detection System based on
Graph Neural Networks [0.0]
This paper investigates Graph Neural Networks (GNNs) application for self-supervised network intrusion and anomaly detection.
GNNs are a deep learning approach for graph-based data that incorporate graph structures into learning.
We present Anomal-E, a GNN approach to intrusion and anomaly detection that leverages edge features and graph topological structure in a self-supervised process.
arXiv Detail & Related papers (2022-07-14T10:59:39Z) - Learning Graph Structure from Convolutional Mixtures [119.45320143101381]
We propose a graph convolutional relationship between the observed and latent graphs, and formulate the graph learning task as a network inverse (deconvolution) problem.
In lieu of eigendecomposition-based spectral methods, we unroll and truncate proximal gradient iterations to arrive at a parameterized neural network architecture that we call a Graph Deconvolution Network (GDN)
GDNs can learn a distribution of graphs in a supervised fashion, perform link prediction or edge-weight regression tasks by adapting the loss function, and they are inherently inductive.
arXiv Detail & Related papers (2022-05-19T14:08:15Z) - Graph similarity learning for change-point detection in dynamic networks [15.694880385913534]
We consider dynamic networks that are temporal sequences of graph snapshots.
This task is often termed network change-point detection and has numerous applications, such as fraud detection or physical motion monitoring.
We design a method to perform online network change-point detection that can adapt to the specific network domain and localise changes with no delay.
arXiv Detail & Related papers (2022-03-29T12:16:38Z) - Anomaly Detection on Attributed Networks via Contrastive Self-Supervised
Learning [50.24174211654775]
We present a novel contrastive self-supervised learning framework for anomaly detection on attributed networks.
Our framework fully exploits the local information from network data by sampling a novel type of contrastive instance pair.
A graph neural network-based contrastive learning model is proposed to learn informative embedding from high-dimensional attributes and local structure.
arXiv Detail & Related papers (2021-02-27T03:17:20Z) - Anisotropic Graph Convolutional Network for Semi-supervised Learning [7.843067454030999]
Graph convolutional networks learn effective node embeddings that have proven to be useful in achieving high-accuracy prediction results.
These networks suffer from the issue of over-smoothing and shrinking effect of the graph due in large part to the fact that they diffuse features across the edges of the graph using a linear Laplacian flow.
We propose an anisotropic graph convolutional network for semi-supervised node classification by introducing a nonlinear function that captures informative features from nodes, while preventing oversmoothing.
arXiv Detail & Related papers (2020-10-20T13:56:03Z) - Graph Fairing Convolutional Networks for Anomaly Detection [7.070726553564701]
We introduce a graph convolutional network with skip connections for semi-supervised anomaly detection.
The effectiveness of our model is demonstrated through extensive experiments on five benchmark datasets.
arXiv Detail & Related papers (2020-10-20T13:45:47Z) - Structural Temporal Graph Neural Networks for Anomaly Detection in
Dynamic Graphs [54.13919050090926]
We propose an end-to-end structural temporal Graph Neural Network model for detecting anomalous edges in dynamic graphs.
In particular, we first extract the $h$-hop enclosing subgraph centered on the target edge and propose the node labeling function to identify the role of each node in the subgraph.
Based on the extracted features, we utilize Gated recurrent units (GRUs) to capture the temporal information for anomaly detection.
arXiv Detail & Related papers (2020-05-15T09:17:08Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.