EG-ConMix: An Intrusion Detection Method based on Graph Contrastive Learning

• URL: http://arxiv.org/abs/2403.17980v1
• Date: Sun, 24 Mar 2024 04:09:48 GMT
• Title: EG-ConMix: An Intrusion Detection Method based on Graph Contrastive Learning
• Authors: Lijin Wu, Shanshan Lei, Feilong Liao, Yuanjun Zheng, Yuxin Liu, Wentao Fu, Hao Song, Jiajun Zhou,
• Abstract summary: We propose an EG-ConMix method based on E-GraphSAGE, incorporating a data augmentation module to fix the problem of data imbalance. EG-ConMix exhibits significant advantages in terms of training speed and accuracy for large-scale graphs.
• Score: 4.140068761522124
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: As the number of IoT devices increases, security concerns become more prominent. The impact of threats can be minimized by deploying Network Intrusion Detection System (NIDS) by monitoring network traffic, detecting and discovering intrusions, and issuing security alerts promptly. Most intrusion detection research in recent years has been directed towards the pair of traffic itself without considering the interrelationships among them, thus limiting the monitoring of complex IoT network attack events. Besides, anomalous traffic in real networks accounts for only a small fraction, which leads to a severe imbalance problem in the dataset that makes algorithmic learning and prediction extremely difficult. In this paper, we propose an EG-ConMix method based on E-GraphSAGE, incorporating a data augmentation module to fix the problem of data imbalance. In addition, we incorporate contrastive learning to discern the difference between normal and malicious traffic samples, facilitating the extraction of key features. Extensive experiments on two publicly available datasets demonstrate the superior intrusion detection performance of EG-ConMix compared to state-of-the-art methods. Remarkably, it exhibits significant advantages in terms of training speed and accuracy for large-scale graphs.

Related papers

• Towards Resource-Efficient Federated Learning in Industrial IoT for Multivariate Time Series Analysis [50.18156030818883]
  Anomaly and missing data constitute a thorny problem in industrial applications. Deep learning enabled anomaly detection has emerged as a critical direction. The data collected in edge devices contain user privacy.
  arXiv  Detail & Related papers  (2024-11-06T15:38:31Z)
• FedMADE: Robust Federated Learning for Intrusion Detection in IoT Networks Using a Dynamic Aggregation Method [7.842334649864372]
  Internet of Things (IoT) devices across multiple sectors has escalated serious network security concerns. Traditional Machine Learning (ML)-based Intrusion Detection Systems (IDSs) for cyber-attack classification require data transmission from IoT devices to a centralized server for traffic analysis, raising severe privacy concerns. We introduce FedMADE, a novel dynamic aggregation method, which clusters devices by their traffic patterns and aggregates local models based on their contributions towards overall performance.
  arXiv  Detail & Related papers  (2024-08-13T18:42:34Z)
• Federated PCA on Grassmann Manifold for IoT Anomaly Detection [23.340237814344384]
  Traditional machine learning-based intrusion detection systems (ML-IDS) possess limitations such as the requirement for labeled data. Recent unsupervised ML-IDS approaches such as AutoEncoders and Generative Adversarial Networks (GAN) offer alternative solutions. This paper proposes a novel federated unsupervised anomaly detection framework, FedPCA, that learns common representations of distributed non-i.i.d. datasets.
  arXiv  Detail & Related papers  (2024-07-10T07:23:21Z)
• SIRST-5K: Exploring Massive Negatives Synthesis with Self-supervised Learning for Robust Infrared Small Target Detection [53.19618419772467]
  Single-frame infrared small target (SIRST) detection aims to recognize small targets from clutter backgrounds. With the development of Transformer, the scale of SIRST models is constantly increasing. With a rich diversity of infrared small target data, our algorithm significantly improves the model performance and convergence speed.
  arXiv  Detail & Related papers  (2024-03-08T16:14:54Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• Effective In-vehicle Intrusion Detection via Multi-view Statistical Graph Learning on CAN Messages [9.04771951523525]
  In-vehicle network (IVN) is facing a wide variety of complex and changing external cyber-attacks. Only coarse-grained recognition can be achieved in current mainstream intrusion detection mechanisms. We propose StatGraph: an Effective Multi-view Statistical Graph Learning Intrusion Detection.
  arXiv  Detail & Related papers  (2023-11-13T03:49:55Z)
• PREM: A Simple Yet Effective Approach for Node-Level Graph Anomaly Detection [65.24854366973794]
  Node-level graph anomaly detection (GAD) plays a critical role in identifying anomalous nodes from graph-structured data in domains such as medicine, social networks, and e-commerce. We introduce a simple method termed PREprocessing and Matching (PREM for short) to improve the efficiency of GAD. Our approach streamlines GAD, reducing time and memory consumption while maintaining powerful anomaly detection capabilities.
  arXiv  Detail & Related papers  (2023-10-18T02:59:57Z)
• Effective Intrusion Detection in Highly Imbalanced IoT Networks with Lightweight S2CGAN-IDS [48.353590166168686]
  Internet of Things (IoT) networks contain benign traffic far more than abnormal traffic, with some rare attacks. Most existing studies have been focused on sacrificing the detection rate of the majority class in order to improve the detection rate of the minority class. We propose a lightweight framework named S2CGAN-IDS to expand the number of minority categories in both data space and feature space.
  arXiv  Detail & Related papers  (2023-06-06T14:19:23Z)
• Unsupervised Abnormal Traffic Detection through Topological Flow Analysis [1.933681537640272]
  topological connectivity component of a malicious flow is less exploited. We present a simple method that facilitate the use of connectivity graph features in unsupervised anomaly detection algorithms.
  arXiv  Detail & Related papers  (2022-05-14T18:52:49Z)
• Self-Supervised and Interpretable Anomaly Detection using Network Transformers [1.0705399532413615]
  This paper introduces the Network Transformer (NeT) model for anomaly detection. NeT incorporates the graph structure of the communication network in order to improve interpretability. The presented approach was tested by evaluating the successful detection of anomalies in an Industrial Control System.
  arXiv  Detail & Related papers  (2022-02-25T22:05:59Z)
• Information Obfuscation of Graph Neural Networks [96.8421624921384]
  We study the problem of protecting sensitive attributes by information obfuscation when learning with graph structured data. We propose a framework to locally filter out pre-determined sensitive attributes via adversarial training with the total variation and the Wasserstein distance.
  arXiv  Detail & Related papers  (2020-09-28T17:55:04Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.