Detecting Contextual Network Anomalies with Graph Neural Networks
- URL: http://arxiv.org/abs/2312.06342v1
- Date: Mon, 11 Dec 2023 12:45:43 GMT
- Title: Detecting Contextual Network Anomalies with Graph Neural Networks
- Authors: Hamid Latif-Martínez, José Suárez-Varela, Albert Cabellos-Aparicio, Pere Barlet-Ros
- Abstract summary: We formulate the problem as contextual anomaly detection on network traffic measurements.
We propose a custom GNN-based solution that detects traffic anomalies on origin-destination flows.
The results show that the anomalies detected by our solution are quite complementary to those captured by the baselines.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Detecting anomalies on network traffic is a complex task due to the massive
amount of traffic flows in today's networks, as well as the highly-dynamic
nature of traffic over time. In this paper, we propose the use of Graph Neural
Networks (GNN) for network traffic anomaly detection. We formulate the problem
as contextual anomaly detection on network traffic measurements, and propose a
custom GNN-based solution that detects traffic anomalies on origin-destination
flows. In our evaluation, we use real-world data from Abilene (6 months), and
make a comparison with other widely used methods for the same task (PCA, EWMA,
RNN). The results show that the anomalies detected by our solution are quite
complementary to those captured by the baselines (with a max. of 36.33%
overlapping anomalies for PCA). Moreover, we manually inspect the anomalies
detected by our method, and find that a large portion of them can be visually
validated by a network expert (64% with high confidence, 18% with mid
confidence, 18% normal traffic). Lastly, we analyze the characteristics of the
anomalies through two paradigmatic cases that are quite representative of the
bulk of anomalies.
Related papers
- CESNET-TimeSeries24: Time Series Dataset for Network Traffic Anomaly Detection and Forecasting [0.0]
This manuscript introduces a dataset comprising time series data of network entities' behavior.
The dataset was created from 40 weeks of network traffic of 275 thousand active IP addresses.
It provides valuable insights into the practical deployment of forecast-based anomaly detection approaches.
arXiv Detail & Related papers (2024-09-27T16:10:11Z)
- Semi-Supervised Learning for Anomaly Traffic Detection via Bidirectional Normalizing Flows [47.4772981101262]
We consider the problem of anomaly network traffic detection and propose a three-stage anomaly detection framework using only normal traffic.
Our framework can generate pseudo anomaly samples without prior knowledge of anomalies to achieve the detection of anomaly data.
arXiv Detail & Related papers (2024-03-13T02:10:32Z)
- ARISE: Graph Anomaly Detection on Attributed Networks via Substructure Awareness [70.60721571429784]
We propose a new graph anomaly detection framework on attributed networks via substructure awareness (ARISE).
ARISE focuses on the substructures in the graph to discern abnormalities.
Experiments show that ARISE greatly improves detection performance compared to state-of-the-art attributed networks anomaly detection (ANAD) algorithms.
arXiv Detail & Related papers (2022-11-28T12:17:40Z)
- Anomal-E: A Self-Supervised Network Intrusion Detection System based on Graph Neural Networks [0.0]
This paper investigates Graph Neural Networks (GNNs) application for self-supervised network intrusion and anomaly detection.
GNNs are a deep learning approach for graph-based data that incorporate graph structures into learning.
We present Anomal-E, a GNN approach to intrusion and anomaly detection that leverages edge features and graph topological structure in a self-supervised process.
arXiv Detail & Related papers (2022-07-14T10:59:39Z)
- Anomaly Detection on Attributed Networks via Contrastive Self-Supervised Learning [50.24174211654775]
We present a novel contrastive self-supervised learning framework for anomaly detection on attributed networks.
Our framework fully exploits the local information from network data by sampling a novel type of contrastive instance pair.
A graph neural network-based contrastive learning model is proposed to learn informative embedding from high-dimensional attributes and local structure.
arXiv Detail & Related papers (2021-02-27T03:17:20Z)
- Few-shot Network Anomaly Detection via Cross-network Meta-learning [45.8111239825361]
We propose a new family of graph neural networks -- Graph Deviation Networks (GDN).
GDN can leverage a small number of labeled anomalies for enforcing statistically significant deviations between abnormal and normal nodes on a network.
We equip the proposed GDN with a new cross-network meta-learning algorithm to realize few-shot network anomaly detection.
arXiv Detail & Related papers (2021-02-22T16:42:37Z)
- Graph Convolutional Networks for traffic anomaly [4.172516437934823]
Event detection has been an important task in transportation, whose task is to detect points in time when large events disrupt a large portion of the urban traffic network.
To fully capture the spatial and temporal traffic patterns remains a challenge, yet serves a crucial role for effective anomaly detection.
We formulate the problem in a novel way, as detecting anomalies in a set of directed weighted graphs representing the traffic conditions at each time interval.
arXiv Detail & Related papers (2020-12-25T22:36:22Z)
- Contextual-Bandit Anomaly Detection for IoT Data in Distributed Hierarchical Edge Computing [65.78881372074983]
IoT devices can hardly afford complex deep neural networks (DNN) models, and offloading anomaly detection tasks to the cloud incurs long delay.
We propose and build a demo for an adaptive anomaly detection approach for distributed hierarchical edge computing (HEC) systems.
We show that our proposed approach significantly reduces detection delay without sacrificing accuracy, as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-04-15T06:13:33Z)
- Adaptive Anomaly Detection for IoT Data in Hierarchical Edge Computing [71.86955275376604]
We propose an adaptive anomaly detection approach for hierarchical edge computing (HEC) systems to solve this problem.
We design an adaptive scheme to select one of the models based on the contextual information extracted from input data, to perform anomaly detection.
We evaluate our proposed approach using a real IoT dataset, and demonstrate that it reduces detection delay by 84% while maintaining almost the same accuracy as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-01-10T05:29:17Z)