Efficient Network Representation for GNN-Based Intrusion Detection

  • Conference paper
Applied Cryptography and Network Security (ACNS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13905)

Abstract

The last decades have seen a growth in the number of cyber-attacks with severe economic and privacy damages, which reveals the need for network intrusion detection approaches to assist in preventing cyber-attacks and reducing their risks. In this work, we propose a novel network representation as a graph of flows that aims to provide relevant topological information for the intrusion detection task, such as malicious behavior patterns, the relation between phases of multi-step attacks, and the relation between spoofed and pre-spoofed attackers’ activities. In addition, we present a Graph Neural Network (GNN)-based framework responsible for exploiting the proposed graph structure to classify communication flows by assigning them a maliciousness score. The framework comprises three main steps that aim to embed nodes’ features and learn relevant attack patterns from the network representation. Finally, we highlight a potential data leakage issue with classical evaluation procedures and suggest a solution to ensure a reliable validation of intrusion detection systems’ performance. We implement the proposed framework and prove that exploiting the flow-based graph structure outperforms the classical machine learning-based and the previous GNN-based solutions.

Notes

  1. IP address spoofing refers to the creation of Internet Protocol (IP) packets with a false source IP address to evade detection by intrusion detection systems.

Acknowledgement

The present work has received funding from the European Union’s Horizon 2020 Marie Skłodowska Curie Innovative Training Network Greenedge (GA.No.953775).

Corresponding author

Correspondence to Hamdi Friji.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Friji, H., Olivereau, A., Sarkiss, M. (2023). Efficient Network Representation for GNN-Based Intrusion Detection. In: Tibouchi, M., Wang, X. (eds) Applied Cryptography and Network Security. ACNS 2023. Lecture Notes in Computer Science, vol 13905. Springer, Cham. https://doi.org/10.1007/978-3-031-33488-7_20

  • DOI: https://doi.org/10.1007/978-3-031-33488-7_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-33487-0

  • Online ISBN: 978-3-031-33488-7

  • eBook Packages: Computer Science (R0)
