Abstract
The last decades have seen a growth in the number of cyber-attacks with severe economic and privacy damages, which reveals the need for network intrusion detection approaches to assist in preventing cyber-attacks and reducing their risks. In this work, we propose a novel network representation as a graph of flows that aims to provide relevant topological information for the intrusion detection task, such as malicious behavior patterns, the relation between phases of multi-step attacks, and the relation between spoofed and pre-spoofed attackers’ activities. In addition, we present a Graph Neural Network (GNN)-based framework responsible for exploiting the proposed graph structure to classify communication flows by assigning them a maliciousness score. The framework comprises three main steps that aim to embed nodes’ features and learn relevant attack patterns from the network representation. Finally, we highlight a potential data leakage issue with classical evaluation procedures and suggest a solution to ensure a reliable validation of intrusion detection systems’ performance. We implement the proposed framework and prove that exploiting the flow-based graph structure outperforms the classical machine learning-based and the previous GNN-based solutions.
Notes
1. IP address spoofing refers to the creation of Internet Protocol (IP) packets with a false source IP address to evade detection by intrusion detection systems.
Acknowledgement
The present work has received funding from the European Union’s Horizon 2020 Marie Skłodowska Curie Innovative Training Network Greenedge (GA.No.953775).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Friji, H., Olivereau, A., Sarkiss, M. (2023). Efficient Network Representation for GNN-Based Intrusion Detection. In: Tibouchi, M., Wang, X. (eds) Applied Cryptography and Network Security. ACNS 2023. Lecture Notes in Computer Science, vol 13905. Springer, Cham. https://doi.org/10.1007/978-3-031-33488-7_20
DOI: https://doi.org/10.1007/978-3-031-33488-7_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-33487-0
Online ISBN: 978-3-031-33488-7
eBook Packages: Computer Science, Computer Science (R0)