Skip to main content
SpringerLink
Log in

HRNN: Hypergraph Recurrent Neural Network for Network Intrusion Detection

  • Research
  • Published:
Journal of Grid Computing Aims and scope Submit manuscript

Abstract

In intrusion detection systems, deep learning has demonstrated its capability to effectively mine flow representations, significantly enhancing the ability to detect anomalies. However, current approaches still suffer from limitations in flow feature extraction and may require fine-tuning on different forms of data, and may even be nontransferable. The task of accurately and efficiently handling multiple forms of flow remains a challenging endeavor. In this work, we propose the Hypergraph Recurrent Neural Network (HRNN), a novel intrusion detection method that leverages the hypergraph higher-order structure and recurrent network. We construct flow data as hypergraph structures, which allow for more abundant information representation and implicitly incorporate more similar information in the model. The recurrent module extracts temporal features of the flow. Our design effectively fuses representations imbued with rich spatial and temporal semantics. Evaluations of several publicly available datasets portray that HRNN outperforms other state-of-the-art methods.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Research, C.: 2023 Security Report: Cyberattacks Reach an All-Time High in Response to Geo-Political Conflict and the Rise of Disruption and Destruction Malware (2023). https://research.checkpoint.com/2023/

  2. Thakkar, A., Lohiya, R.: A survey on intrusion detection system: feature selection, model, performance measures, application perspective, challenges, and future research directions. Artif. Intell. Rev. 55(1), 453–563 (2022)

    Article  Google Scholar 

  3. Liao, H.-J., Lin, C.-H.R., Lin, Y.-C., Tung, K.-Y.: Intrusion detection system: A comprehensive review. J. Netw. Comput. Appl. 36(1), 16–24 (2013)

    Article  Google Scholar 

  4. Alsoufi, M.A., Razak, S., Siraj, M.M., Nafea, I., Ghaleb, F.A., Saeed, F., Nasser, M.: Anomaly-based intrusion detection systems in iot using deep learning: A systematic literature review. Appl. Sci. 11(18), 8383 (2021)

    Article  Google Scholar 

  5. Mahdavisharif, M., Jamali, S., Fotohi, R.: Big data-aware intrusion detection system in communication networks: a deep learning approach. Journal of Grid Computing. 19(4), 46 (2021)

    Article  Google Scholar 

  6. Rezaei, S., Liu, X.: Deep learning for encrypted traffic classification: An overview. IEEE Commun. Mag. 57(5), 76–81 (2019)

    Article  Google Scholar 

  7. Yao, Y., Su, L., Zhang, C., Lu, Z., Liu, B.: Marrying graph kernel with deep neural network: A case study for network anomaly detection. In: Computational Science–ICCS 2019: 19th International Conference, Faro, Portugal, June 12–14, 2019, Proceedings, Part II 19, pp. 102–115 (2019). Springer

  8. Kwon, D., Kim, H., Kim, J., Suh, S.C., Kim, I., Kim, K.J.: A survey of deep learning-based network anomaly detection. Clust. Comput. 22, 949–961 (2019)

    Article  Google Scholar 

  9. Lesfari, H., Giroire, F.: Nadege: When graph kernels meet network anomaly detection. In: IEEE INFOCOM 2022-IEEE Conference on Computer Communications, pp. 2008–2017 (2022). IEEE

  10. Zheng, W., Gou, C., Yan, L., Mo, S.: Learning to classify: A flow-based relation network for encrypted traffic classification. In: Proceedings of The Web Conference 2020, pp. 13–22 (2020)

  11. Kipf, T.N., Welling, M.: Semi-supervised classification with graph convolutional networks. arXiv:1609.02907. (2016)

  12. Schlichtkrull, M., Kipf, T.N., Bloem, P., Van Den Berg, R., Titov, I., Welling, M.: Modeling relational data with graph convolutional networks. In: The Semantic Web: 15th International Conference, ESWC 2018, Heraklion, Crete, Greece, June 3–7, 2018, Proceedings 15, pp. 593–607 (2018). Springer

  13. Feng, Y., You, H., Zhang, Z., Ji, R., Gao, Y.: Hypergraph neural networks. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 33, pp. 3558–3565 (2019)

  14. Gao, Y., Zhang, Z., Lin, H., Zhao, X., Du, S., Zou, C.: Hypergraph learning: Methods and practices. IEEE Trans. Pattern Anal. Mach. Intell. 44(5), 2548–2566 (2020)

    Google Scholar 

  15. Jafarian, J.H., Abolfathi, M., Rahimian, M.: Detecting network scanning through monitoring and manipulation of dns traffic. IEEE Access. 11, 20267–20283 (2023)

    Article  Google Scholar 

  16. Benferhat, S., Boudjelida, A., Tabia, K., Drias, H.: An intrusion detection and alert correlation approach based on revising probabilistic classifiers using expert knowledge. Appl. Intell. 38, 520–540 (2013)

    Article  Google Scholar 

  17. Mokari, H., Firouzmand, E., Sharifi, I., Doustmohammadi, A.: Resilient control strategy and attack detection on platooning of smart vehicles under dos attack. ISA Trans. 144, 51–60 (2024)

    Article  Google Scholar 

  18. Mokari, H., Firouzmand, E., Sharifi, I., Doustmohammadi, A.: Deception attack detection and resilient control in platoon of smart vehicles. In: 2022 30th International Conference on Electrical Engineering (ICEE), pp. 29–35 (2022). IEEE

  19. Majeed, P.G., Kumar, S.: Genetic algorithms in intrusion detection systems: A survey. Int. J. Innov. Appl. Stud. 5(3), 233 (2014)

    Google Scholar 

  20. Khraisat, A., Gondal, I., Vamplew, P.: An anomaly intrusion detection system using c5 decision tree classifier. In: Trends and Applications in Knowledge Discovery and Data Mining: PAKDD 2018 Workshops, BDASC, BDM, ML4Cyber, PAISI, DaMEMO, Melbourne, VIC, Australia, June 3, 2018, Revised Selected Papers 22, pp. 149–155 (2018). Springer

  21. Mukkamala, S., Janoski, G., Sung, A.: Intrusion detection using neural networks and support vector machines. In: Proceedings of the 2002 International Joint Conference on Neural Networks. IJCNN’02 (Cat. No. 02CH37290), vol. 2, pp. 1702–1707 (2002). IEEE

  22. Wang, Y., Wang, X., Ariffin, M.M., Abolfathi, M., Alqhatani, A., Almutairi, L.: Attack detection analysis in software-defined networks using various machine learning method. Comput. Electr. Eng. 108, 108655 (2023)

    Article  Google Scholar 

  23. Nguyen, T.T., Armitage, G.: A survey of techniques for internet traffic classification using machine learning. IEEE communications surveys & tutorials. 10(4), 56–76 (2008)

    Article  Google Scholar 

  24. Anderson, B., McGrew, D.: Machine learning for encrypted malware traffic classification: accounting for noisy labels and non-stationarity. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1723–1732 (2017)

  25. Shone, N., Ngoc, T.N., Phai, V.D., Shi, Q.: A deep learning approach to network intrusion detection. IEEE transactions on emerging topics in computational intelligence. 2(1), 41–50 (2018)

    Article  Google Scholar 

  26. Ahmad, Z., Shahid Khan, A., Wai Shiang, C., Abdullah, J., Ahmad, F.: Network intrusion detection system: A systematic study of machine learning and deep learning approaches. Transactions on Emerging Telecommunications Technologies. 32(1), 4150 (2021)

    Article  Google Scholar 

  27. Choupanzadeh, R., Zadehgol, A.: A deep neural network modeling methodology for efficient emc assessment of shielding enclosures using meca-generated rcs training data. IEEE Transactions on Electromagnetic Compatibility. (2023)

  28. Baesmat, K.H., Latifi, S.: A new hybrid method for electrical load forecasting based on deviation correction and mrmrms. In: International Conference On Systems Engineering, pp. 293–303 (2023). Springer

  29. Wei, J., Chammam, A., Feng, J., Alshammari, A., Tehranian, K., Innab, N., Deebani, W., Shutaywi, M.: Power system monitoring for electrical disturbances in wide network using machine learning. Sustainable Computing: Informatics and Systems. 42, 100959 (2024)

    Google Scholar 

  30. Hassanpouri Baesmat, K., Shiri, A.: A new combined method for future energy forecasting in electrical networks. International Transactions on Electrical Energy Systems. 29(3), 2749 (2019)

    Article  Google Scholar 

  31. Jandaghi, E., Chen, X., Yuan, C.: Motion dynamics modeling and fault detection of a soft trunk robot. In: 2023 IEEE/ASME International Conference on Advanced Intelligent Mechatronics (AIM), pp. 1324–1329 (2023). IEEE

  32. Baesmat, K.H., Masoudipour, I., Samet, H.: Improving the performance of short-term load forecast using a hybrid artificial neural network and artificial bee colony algorithm amélioration des performances de la prévision de la charge à court terme à l’aide d’un réseau neuronal artificiel hybride et d’un algorithme de colonies d’abeilles artificielles. IEEE Canadian Journal of Electrical and Computer Engineering. 44(3), 275–282 (2021)

    Article  Google Scholar 

  33. Ying, Q., Yu, Y., Tian, D., Jia, X., Ma, R., Hu, C.: Cjspector: A novel cryptojacking detection method using hardware trace and deep learning. Journal of Grid Computing. 20(3), 31 (2022)

    Article  Google Scholar 

  34. Wang, Z.: The applications of deep learning on traffic identification. BlackHat USA 24(11), 1–10 (2015)

    Google Scholar 

  35. Wang, W., Zhu, M., Wang, J., Zeng, X., Yang, Z.: End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 43–48 (2017). IEEE

  36. Zhang, J., Ling, Y., Fu, X., Yang, X., Xiong, G., Zhang, R.: Model of the intrusion detection system based on the integration of spatial-temporal features. Computers & Security. 89, 101681 (2020)

    Article  Google Scholar 

  37. Yin, C., Zhu, Y., Fei, J., He, X.: A deep learning approach for intrusion detection using recurrent neural networks. Ieee Access. 5, 21954–21961 (2017)

    Article  Google Scholar 

  38. Lotfollahi, M., Jafari Siavoshani, M., Shirali Hossein Zade, R., Saberian, M.: Deep packet: A novel approach for encrypted traffic classification using deep learning. Soft Computing. 24(3), 1999–2012 (2020)

  39. Yao, H., Liu, C., Zhang, P., Wu, S., Jiang, C., Yu, S.: Identification of encrypted traffic through attention mechanism based long short term memory. IEEE transactions on big data. 8(1), 241–252 (2019)

    Article  Google Scholar 

  40. Deng, A., Hooi, B.: Graph neural network-based anomaly detection in multivariate time series. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 35, pp. 4027–4035 (2021)

  41. Mitropoulou, K., Kokkinos, P., Soumplis, P., Varvarigos, E.: Anomaly detection in cloud computing using knowledge graph embedding and machine learning mechanisms. Journal of Grid Computing. 22(1), 6 (2024)

    Article  Google Scholar 

  42. Jin, M., Koh, H.Y., Wen, Q., et al.: A survey on graph neural networks for time series: Forecasting, classification, imputation, and anomaly detection. arXiv preprint arXiv:2307.03759. (2023)

  43. Ling, X., Wu, L., Deng, W., Qu, Z., Zhang, J., Zhang, S., Ma, T., Wang, B., Wu, C., Ji, S.: Malgraph: Hierarchical graph neural networks for robust windows malware detection. In: IEEE INFOCOM 2022-IEEE Conference on Computer Communications, pp. 1998–2007 (2022). IEEE

  44. Mo, S., Wang, Y., Xiao, D., Wu, W., Fan, S., Shi, C.: Encrypted traffic classification using graph convolutional networks. In: Advanced Data Mining and Applications: 16th International Conference, ADMA 2020, Foshan, China, November 12–14, 2020, Proceedings 16, pp. 207–219 (2020). Springer

  45. Shen, M., Zhang, J., Zhu, L., Xu, K., Du, X.: Accurate decentralized application identification via encrypted traffic analysis using graph neural networks. IEEE Trans. Inf. Forensics Secur. 16, 2367–2380 (2021)

    Article  Google Scholar 

  46. Duan, G., Lv, H., Wang, H., Feng, G.: Application of a dynamic line graph neural network for intrusion detection with semisupervised learning. IEEE Trans. Inf. Forensics Secur. 18, 699–714 (2022)

    Article  Google Scholar 

  47. Sun, B., Yang, W., Yan, M., Wu, D., Zhu, Y., Bai, Z.: An encrypted traffic classification method combining graph convolutional network and autoencoder. In: 2020 IEEE 39th International Performance Computing and Communications Conference (IPCCC), pp. 1–8 (2020). IEEE

  48. Zhang, M., Cui, Z., Neumann, M., Chen, Y.: An end-to-end deep learning architecture for graph classification. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 32 (2018)

  49. Zhou, D., Huang, J., Schölkopf, B.: Learning with hypergraphs: Clustering, classification, and embedding. Advances in neural information processing systems. 19 (2006)

  50. Ring, M., Wunderlich, S., Scheuring, D., Landes, D., Hotho, A.: A survey of network-based intrusion detection data sets. Computers & Security. 86, 147–167 (2019)

    Article  Google Scholar 

  51. Keller, J.M., Gray, M.R., Givens, J.A.: A fuzzy k-nearest neighbor algorithm. IEEE Trans. Syst. Man Cybern. 4, 580–585 (1985)

    Article  Google Scholar 

  52. Zaremba, W., Sutskever, I., Vinyals, O.: Recurrent neural network regularization. arXiv preprint arXiv:1409.2329. (2014)

  53. Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the kdd cup 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1–6 (2009). Ieee

  54. Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp. 1, 108–116 (2018)

  55. Draper-Gil, G., Lashkari, A.H., Mamun, M.S.I., Ghorbani, A.A.: Characterization of encrypted and vpn traffic using time-related. In: Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP), pp. 407–414 (2016)

  56. Yadati, N., Nimishakavi, M., Yadav, P., Nitin, V., Louis, A., Talukdar, P.: Hypergcn: A new method for training graph convolutional networks on hypergraphs. Advances in neural information processing systems. 32 (2019)

  57. Gao, Y., Feng, Y., Ji, S., Ji, R.: Hgnn \(^+\): General hypergraph neural networks. IEEE Transactions on Pattern Analysis and Machine Intell. (2022)

Download references

Funding

This work was supported in part by the National Natural Science Foundation of China (62376180, 62176175, 62302329), the project of the Ministry of Education on the Cooperation of Production and Education (220606363154256),the major project of Natural Science Research in Universities of Jiangsu Province (21KJA520004), Suzhou Planning Project of Science and Technology (SKY2023128, SYG202024, SYG202328), the Open Project Program of State Key Laboratory of Virtual Reality Technology and Systems, Beihang University (No.VRLAB2024B07), the Project Funded by the Priority Academic Program Development of Jiangsu Higher Education Institutions.

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, Soochow University, Suzhou, 215000, Jiangsu, China

    Zhe Yang, Zitong Ma, Wenbo Zhao, Lingzhi Li & Fei Gu

  2. Provincial Key Laboratory for Computer Information Processing Technology, Soochow University, Suzhou, 215000, Jiangsu, China

    Zhe Yang, Zitong Ma, Wenbo Zhao, Lingzhi Li & Fei Gu

Authors
  1. Zhe Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zitong Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wenbo Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Lingzhi Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Fei Gu
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

Zhe Yang: Conceptualization, Review and Editing; Zitong Ma: Methodology, Original draft; Wenbo Zhao: Data curation, Investigation; Lingzhi Li: Resources; Fei Gu: Resources. All authors reviewed the manuscript.

Corresponding authors

Correspondence to Zhe Yang or Zitong Ma.

Ethics declarations

This article is original and has been written by the stated authors who are all aware of its content and approve its submission has not been published previously, and it is not under consideration for publication elsewhere, no conflict of interest exists, if accepted, the article will not be published elsewhere in the same form, in any language, without the written consent of the publisher.

Competing interests

The authors declare no competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Yang, Z., Ma, Z., Zhao, W. et al. HRNN: Hypergraph Recurrent Neural Network for Network Intrusion Detection. J Grid Computing 22, 52 (2024). https://doi.org/10.1007/s10723-024-09767-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10723-024-09767-1

Keywords

Search

Navigation