Multiple Classification Algorithm Based on Graph Convolutional Neural Network for Intrusion Detection

Liu, Fulai; Hu, Zhongyi; Zhang, Aiyi; Du, Rong; Qin, Dongbao; Xu, Jialiang

doi:10.21203/rs.3.rs-515900/v1

Cited by 3 publications

(5 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Subsequently, the anomalous sensor nodes in the graph are identified with GAT. Liu et al [11] proposed a graph generation approach to create knn graphs for each flow instance. This approach uses nodes to represent features, calculates the Euclidean distance between features, and adds undirected edges between nodes based on the k-nearest neighbor algorithm.…”

Section: Plos Onementioning

confidence: 99%

“…The work in [10] suffers the same issue as the GLASS. The approach in [11] takes a more fine-grained approach and creates graphs for each session. The traffic trace graph in [12] has the problem that it may connect normal and attack nodes, resulting in low detection accuracy.…”

Section: Plos Onementioning

confidence: 99%

“…The GCNID [11], GCN-TC [12], Logistic Regression (LR), Naive Bayes (NB), and Support Vector Machines (SVM) algorithms are selected as the comparison algorithms in this evaluation. GCNID generates one KNN graph for each flow.…”

Section: Experiments Setupmentioning

confidence: 99%

“…The detection objects in the literature [9,10] are network nodes and it do not discriminate the traffic. The literature [11] transforms the session instances into K-Nearest Neighbors (KNN) graphs and uses the GCN model to detect each KNN graph. The KNN graph in [11] is generated by calculating the Euclidean distance between features of different instances.…”

Section: Introductionmentioning

confidence: 99%

“…The literature [11] transforms the session instances into K-Nearest Neighbors (KNN) graphs and uses the GCN model to detect each KNN graph. The KNN graph in [11] is generated by calculating the Euclidean distance between features of different instances. Then the k nearest nodes is selected to add edges for the central node.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

TITAN: Combining a bidirectional forwarding graph and GCN to detect saturation attack targeted at SDN

Ran,

Cui,

Zhao

et al. 2024

PLoS ONE

View full text Add to dashboard Cite

The decoupling of control and forwarding layers brings Software-Defined Networking (SDN) the network programmability and global control capability, but it also poses SDN security risks. The adversaries can use the forwarding and control decoupling character of SDN to forge legitimate traffic, launching saturation attacks targeted at SDN switches. These attacks can cause the overflow of switch flow tables, thus making the switch cannot forward benign network traffic. How to effectively detect saturation attack is a research hotspot. There are only a few graph-based saturation attack detection methods. Meanwhile, the current graph generation methods may take useless or misleading information to the attack detection, thus decreasing the attack detection accuracy. To solve the above problems, this paper proposes TITAN, a bidirecTional forwardIng graph-based saturaTion Attack detectioN method. TITAN defines flow forwarding rules and topology information, and designs flow statistical features. Based on these definitions, TITAN generates nodes of the bi-forwarding graph based on the flow statistics features and edges of the bi-forwarding graph based on the network traffic routing paths. In this way, each traffic flow in the network is transformed into a bi-directional forwarding graph. Then TITAN feeds the above bidirectional forwarding graph into a Graph Convolutional Network (GCN) to detect whether the flow is a saturation attack flow. The experimental results show that TITAN can effectively detect saturation attacks in SDNs with a detection accuracy of more than 97%.

show abstract

Section: Plos Onementioning

confidence: 99%

Section: Plos Onementioning

confidence: 99%

Section: Experiments Setupmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

TITAN: Combining a bidirectional forwarding graph and GCN to detect saturation attack targeted at SDN

Ran,

Cui,

Zhao

et al. 2024

PLoS ONE

View full text Add to dashboard Cite

show abstract

Intrusion Detection in Smart IoT Devices for People with Disabilities

Naveed

Usman

Satti

et al. 2022

2022 IEEE International Smart Cities Conference (ISC2)

View full text Add to dashboard Cite

MAFSIDS: a reinforcement learning-based intrusion detection model for multi-agent feature selection networks

Ren,

Zeng,

Zhong

et al. 2023

J Big Data

View full text Add to dashboard Cite

Large unbalanced datasets pose challenges for machine learning models, as redundant and irrelevant features can hinder their effectiveness. Furthermore, the performance of intrusion detection systems (IDS) can be further degraded by the emergence of new network attack types. To address these issues, we propose MAFSIDS (Multi-Agent Feature Selection Intrusion Detection System), a DQL (Deep Q-Learning) based IDS.MAFSIDS comprises a feature self-selection algorithm and a DRL (Deep Reinforcement Learning) attack detection module. The feature self-selection algorithm leverages a multi-agent reinforcement learning framework, which redefines the feature selection problem by converting the traditional $${2}^{N}$$ 2 N feature selection space into $$N$$ N agent representations. This approach reduces model complexity and enhances the search strategy for feature selection. To ensure accurate feature representation and expedite the feature selection process, we have also developed a GCN (Graph Convolutional Network) method that extracts deeper features from the data. The DRL attack detection module utilizes the Mini-Batchs technique to encode the data, allowing reinforcement learning to be applied in a supervised learning context. This integration improves accuracy. Additionally, the policy network in this module is designed to be minimalist, enhancing model efficiency. To evaluate the performance of our model, we conducted comprehensive simulation experiments using Python. We tested the model using the CSE-CIC-IDS2018 and NSL-KDD datasets, achieving impressive accuracy rates of 96.8% and 99.1%, as well as F1-Scores of 96.3% and 99.1%, respectively. The selected feature subset successfully eliminates approximately 80% of redundant features compared to the original feature set. Furthermore, we compared our proposed model with other popular machine-learning models.

show abstract

Multiple Classification Algorithm Based on Graph Convolutional Neural Network for Intrusion Detection

Cited by 3 publications

References 9 publications

TITAN: Combining a bidirectional forwarding graph and GCN to detect saturation attack targeted at SDN

TITAN: Combining a bidirectional forwarding graph and GCN to detect saturation attack targeted at SDN

Intrusion Detection in Smart IoT Devices for People with Disabilities

MAFSIDS: a reinforcement learning-based intrusion detection model for multi-agent feature selection networks

Contact Info

Product

Resources

About