Abstract
In intrusion detection systems, deep learning has demonstrated its capability to effectively mine flow representations, significantly enhancing the ability to detect anomalies. However, current approaches remain limited in flow feature extraction, may require fine-tuning for different forms of data, and may even be nontransferable. Accurately and efficiently handling multiple forms of flow remains challenging. In this work, we propose the Hypergraph Recurrent Neural Network (HRNN), a novel intrusion detection method that leverages the higher-order structure of hypergraphs together with a recurrent network. We construct flow data as hypergraph structures, which allow a richer representation of information and implicitly bring more similar information into the model. The recurrent module extracts temporal features of the flow. Our design effectively fuses representations imbued with rich spatial and temporal semantics. Evaluations on several publicly available datasets show that HRNN outperforms other state-of-the-art methods.
Funding
This work was supported in part by the National Natural Science Foundation of China (62376180, 62176175, 62302329), the project of the Ministry of Education on the Cooperation of Production and Education (220606363154256), the major project of Natural Science Research in Universities of Jiangsu Province (21KJA520004), Suzhou Planning Project of Science and Technology (SKY2023128, SYG202024, SYG202328), the Open Project Program of State Key Laboratory of Virtual Reality Technology and Systems, Beihang University (No. VRLAB2024B07), and the Project Funded by the Priority Academic Program Development of Jiangsu Higher Education Institutions.
Author information
Contributions
Zhe Yang: Conceptualization, Review and Editing; Zitong Ma: Methodology, Original draft; Wenbo Zhao: Data curation, Investigation; Lingzhi Li: Resources; Fei Gu: Resources. All authors reviewed the manuscript.
Ethics declarations
This article is original and has been written by the stated authors, who are all aware of its content and approve its submission. It has not been published previously, and it is not under consideration for publication elsewhere. No conflict of interest exists. If accepted, the article will not be published elsewhere in the same form, in any language, without the written consent of the publisher.
Competing interests
The authors declare no competing interests.
About this article
Cite this article
Yang, Z., Ma, Z., Zhao, W. et al. HRNN: Hypergraph Recurrent Neural Network for Network Intrusion Detection. J Grid Computing 22, 52 (2024). https://doi.org/10.1007/s10723-024-09767-1
DOI: https://doi.org/10.1007/s10723-024-09767-1