Affiliation:
1. Department of Information and Telecommunication Engineering, Soongsil University, Seoul 06978, Republic of Korea
2. School of Electronic Engineering, Soongsil University, Seoul 06978, Republic of Korea
Abstract
As network sizes grow, attack schemes not only become more varied but also increase in complexity. This diversification leads to a proliferation of attack variants, complicating the identification and differentiation of potential threats. Enhancing system security necessitates the implementation of multi-class intrusion detection systems. This approach enables the categorization of incoming network traffic into distinct intrusion types and illustrates the specific attack encountered within the Internet. Numerous studies have leveraged deep learning (DL) for Network-based Intrusion Detection Systems (NIDS), aiming to improve intrusion detection. Among these DL algorithms, Graph Neural Networks (GNN) stand out for their ability to efficiently process unstructured data, especially network traffic, making them particularly suitable for NIDS applications. Although NIDS usually monitors incoming and outgoing flows in a network, represented as edge features in graph format, traditional GNN studies only consider node features, overlooking edge features. This oversight can result in losing important flow data and diminish the system’s ability to detect attacks effectively. To address this limitation, our research makes several key contributions: (1) Emphasize the significance of edge features for enhancing GNN for multi-class intrusion detection, (2) Utilize port information, which is essential for identifying attacks but often overlooked during training, (3) Reorganize features embedded within the graph. By doing this, the graph can represent close to the actual network, which is the node showing endpoint identification information such as IP addresses and ports; the edge contains information related to flow such as Duration, Number of Packet/s, and Length…; (4) Compared to traditional methods, our experiments demonstrate significant performance improvements on both CIC-IDS-2017 (98.32%) and UNSW-NB15 (96.71%) datasets.
Reference47 articles.
1. Lee, W., Stolfo, S., and Mok, K. (1999, January 14). A data mining framework for building intrusion detection models. Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344), Oakland, CA, USA.
2. Churcher, A., Ullah, R., Ahmad, J., ur Rehman, S., Masood, F., Gogate, M., Alqahtani, F., Nour, B., and Buchanan, W.J. (2021). An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks. Sensors, 21.
3. Network attacks detection methods based on deep learning techniques: A survey;Wu;Secur. Commun. Netw.,2020
4. DMT-Net: Deep Multiple Networks for Low-light Image Enhancement Based on Retinex Model;Duong;IEEE Access,2023
5. Nguyen, T.A., and Lee, J. (2023). A Nonlinear Convolutional Neural Network-Based Equalizer for Holographic Data Storage Systems. Appl. Sci., 13.
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献