The last decades have seen a growth in the number of cyber-attacks with severe economic and privacy damages, which reveals the need for network intrusion detection approaches to assist in preventing cyber-attacks and reducing their risks. In this work, we propose a novel network representation as a graph of flows that aims to provide relevant topological information for the intrusion detection task, such as malicious behavior patterns, the relation between phases of multi-step attacks, and the relation between spoofed and pre-spoofed attackers' activities. In addition, we present a Graph Neural Network (GNN) based framework responsible for exploiting the proposed graph structure to classify communication flows by assigning them a maliciousness score. The framework comprises three main steps that aim to embed node features and learn relevant attack patterns from the network representation. Finally, we highlight a potential data leakage issue with classical evaluation procedures and suggest a solution to ensure a reliable validation of intrusion detection systems' performance. We implement the proposed framework and prove that exploiting the flow-based graph structure outperforms the classical machine learning-based and the previous GNN-based solutions.
FOS: Computer and information sciences, Cybersecurity, Computer Science - Cryptography and Security, Artificial Intelligence (cs.AI), Artificial Intelligence, Computer Science - Artificial Intelligence, Graph Theory, [INFO.INFO-LG] Computer Science [cs]/Machine Learning [cs.LG], [INFO] Computer Science [cs], Graph Neural Network, Cryptography and Security (cs.CR), Intrusion Detection
| selected citations | 21 |
| popularity | Top 10% |
| influence | Top 10% |
| impulse | Top 10% |
| views | 40 |
| downloads | 45 |

Views provided by UsageCounts
Downloads provided by UsageCounts