Affiliation:
1. College of Computer, National University of Defense Technology, Changsha 410073, China
Abstract
Network behavior anomaly detection is an effective approach to discovering unknown attacks, and generating a high-efficacy network behavior representation is one of its most crucial parts. Complicated network environments and advancing attack techniques now make this more challenging. Existing methods cannot yield satisfactory representations that comprehensively express the semantics of network behaviors. To tackle this problem, we propose XNBAD, a novel unsupervised network behavior anomaly detection framework. It integrates the timely high-order host states under the dynamic interaction context with the conversation patterns between hosts for behavior representation. High-order states can better summarize latent interaction patterns, but they are hard to obtain directly. Therefore, XNBAD utilizes a graph neural network (GNN) to automatically generate high-order features from series of extracted base ones. We evaluated the detection performance of XNBAD on the publicly available benchmark dataset ISCX-2012. To report detailed and precise experimental results, we carefully refined the dataset before evaluation. The results show that XNBAD discovered various attack behaviors more effectively, and it significantly outperformed the existing representative methods by at least
relative improvement in terms of the overall weighted AUC.
Funder
National Basic Research Program of China
Subject
Computer Networks and Communications, Information Systems
Cited by
1 article.