E-minBatch GraphSAGE: An Industrial Internet Attack Detection Model

Lan, Jin; Lu, J.; Wan, Guo G.; Wang, Yuan Y.; Huang, Chen; Zhang, Shi B.; Huang, Yongping; N., Jin

doi:10.1155/2022/5363764

Cited by 12 publications

(4 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another improvement to E-GraphSAGE is provided by Lan et al [73], by introducing a pre-sampling step before training the model, resulting in smaller graphs and better scalability. The performance of this model has been compared to the original E-GraphSAGE along with other baselines on the UNSW-NB15 dataset where the accuracy and F1-score are slightly improved on both binary classification and multi-class classification tasks.…”

Section: ) Network Intrusion Detection With Flow Graphsmentioning

confidence: 99%

Graph Neural Networks for Intrusion Detection: A Survey

Bilot

Madhoun

Agha³

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Cyberattacks represent an ever-growing threat that has become a real priority for most organizations. Attackers use sophisticated attack scenarios to deceive defense systems in order to access private data or cause harm. Machine Learning (ML) and Deep Learning (DL) have demonstrate impressive results for detecting cyberattacks due to their ability to learn generalizable patterns from flat data. However, flat data fail to capture the structural behavior of attacks, which is essential for effective detection. Contrarily, graph structures provide a more robust and abstract view of a system that is difficult for attackers to evade. Recently, Graph Neural Networks (GNNs) have become successful in learning useful representations from the semantic provided by graph-structured data. Intrusions have been detected for years using graphs such as network flow graphs or provenance graphs, and learning representations from these structures can help models understand the structural patterns of attacks, in addition to traditional features. In this survey, we focus on the applications of graph representation learning to the detection of network-based and hostbased intrusions, with special attention to GNN methods. For both network and host levels, we present the graph data structures that can be leveraged and we comprehensively review the state-of-the-art papers along with the used datasets. Our analysis reveals that GNNs are particularly efficient in cybersecurity, since they can learn effective representations without requiring any external domain knowledge. We also evaluate the robustness of these techniques based on adversarial attacks. Finally, we discuss the strengths and weaknesses of GNN-based intrusion detection and identify future research directions.INDEX TERMS Cyberattacks, cybersecurity, deep learning (DL), graph neural networks (GNNs), intrusion detection (IDS), machine learning (ML).

show abstract

Section: ) Network Intrusion Detection With Flow Graphsmentioning

confidence: 99%

Graph Neural Networks for Intrusion Detection: A Survey

Bilot

Madhoun

Agha³

et al. 2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In our previous work [29][30][31][32], we used the spatiotemporal features of traffic for anomaly detection, such as temporal features, combined features, and protocol features. In our algorithm, we not only use the features proposed by our previous work (such as the average number of packets of upstream and downstream traffic, the total size of upstream and downstream data packets, traffic duration, etc.…”

Section: Extraction Of Traffic Spatiotemporal Featuresmentioning

confidence: 99%

Anti-attack Intrusion Detection Model based on MPNN and Traffic Spatiotemporal Characteristics

Lan

Huang

et al. 2023

Preprint

Self Cite

View full text Add to dashboard Cite

Considering the robustness and accuracy of conventional intrusion detection models are easily influenced by adversarial attacks, this work proposes an anti-attack intrusion detection algorithm based on a message-passing neural network with traffic spatiotemporal features. Our algorithm can not only effectively distinguish and correlate upstream and downstream traffics, but also clearly embody the relationship between different traffics from the same source node and destination node by the established graph structure. We also improve the model by utilising the characteristics of the existing network attacks, which indicates thatthe traffic spatiotemporal characteristics could achieve high accuracy on attack traffic detection. Compared to the previous algorithms, extensive experiments show that our proposed model outperforms other similar models in performance. For the multi-classification tasks, our algorithm can effectively detect most of the network attacks and outperform traditional machine learning methods. In terms of algorithm robustness, our algorithm is less affected by adversarial attacks than traditional machine learning algorithms.

show abstract

“…2) Limited Feature Extraction. Network flows have complex topological structures [12], including node connections, interaction patterns, and propagation behaviors. Conventional feature extraction methods focus on individual nodes or local features, making capturing and utilizing topological structure information difficult.…”

Section: Challenging Issues and Related Workmentioning

confidence: 99%

Blockchain-Assisted Cross-silo Graph Federated Learning for Network Intrusion Detection

Shen,

Zhou,

Wang

et al. 2023

Preprint

View full text Add to dashboard Cite

In this paper, a blockchain-assisted cross-silo graph federated learning (B-CGFL) framework is presented for large-scale network intrusion detection, aiming to break down barriers among different organizations and achieve a secure and transparent multi-party collaboration ecosystem. The network scenario is divided into multiple regions. Organizations in each region leverage graph neural networks to analyze local network flow topology information and identify traffic types accurately. With cross-silo graph federated learning, coordinators and organizations collaboratively complete the training and updating of global intrusion detection models. Multiple coordinators jointly maintain a chain to improve the global model’s scalability and storage security. Oracle nodes bridge the off-chain data provider and on-chain smart contracts, enabling secure transmission in off-chain model accuracy testing. For fair competition, a reputation-aware model incentive mechanism is designed to improve global model quality. Security analysis confirms that B-CGFL can defend against inference attacks, model plagiarism, and tampering with model test results. Experiments on three challenging datasets ToN-IoT, CSE-CIC-IDS2018, and BoT-IoT demonstrate that compared with benchmark machine learning methods, B-CGFL exhibits superior performance in accuracy and F1-score and facilitates model quality improvement.

show abstract

E-minBatch GraphSAGE: An Industrial Internet Attack Detection Model

Cited by 12 publications

References 25 publications

Graph Neural Networks for Intrusion Detection: A Survey

Graph Neural Networks for Intrusion Detection: A Survey

Anti-attack Intrusion Detection Model based on MPNN and Traffic Spatiotemporal Characteristics

Blockchain-Assisted Cross-silo Graph Federated Learning for Network Intrusion Detection

Contact Info

Product

Resources

About