NF-GNN: Network Flow Graph Neural Networks for Malware Detection and Classification

Busch, Julian; Kocheturov, Anton; Tresp, Volker; Seidl, Thomas

doi:10.48550/arxiv.2103.03939

Cited by 2 publications

(2 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this context, some works have explored the representation of traffic into clusters [22] or graphs [23,24]. Likewise, some recent works such as [25,26] propose the use of graph-based deep learning to exploit the relationship among network connections, showing significant improvement for malware detection in mobile applications. Similarly, [27] approaches the problem of Botnet detection assuming visibility of the full botnet topology.…”

Section: Related Workmentioning

confidence: 99%

Unveiling the potential of Graph Neural Networks for robust Intrusion Detection

Pujol-Perich

Suárez-Varela

Cabellos‐Aparicio

et al. 2022

SIGMETRICS Perform. Eval. Rev.

View full text Add to dashboard Cite

The last few years have seen an increasing wave of attacks with serious economic and privacy damages, which evinces the need for accurate Network Intrusion Detection Systems (NIDS). Recent works propose the use of Machine Learning (ML) techniques for building such systems (e.g., decision trees, neural networks). However, existing ML-based NIDS are barely robust to common adversarial attacks, which limits their applicability to real networks. A fundamental problem of these solutions is that they treat and classify flows independently. In contrast, in this paper we argue the importance of focusing on the structural patterns of attacks, by capturing not only the individual flow features, but also the relations between different flows (e.g., the source/destination hosts they share). To this end, we use a graph representation that keeps flow records and their relationships, and propose a novel Graph Neural Network (GNN) model tailored to process and learn from such graph-structured information. In our evaluation, we first show that the proposed GNN model achieves state-of-the-art results in the well-known CIC-IDS2017 dataset. Moreover, we assess the robustness of our solution under two common adversarial attacks, that intentionally modify the packet size and interarrival times to avoid detection. The results show that our model is able to maintain the same level of accuracy as in previous experiments, while state-of-the-art ML techniques degrade up to 50% their accuracy (F1-score) under these attacks. This unprecedented level of robustness is mainly induced by the capability of our GNN model to learn flow patterns of attacks structured as graphs.

show abstract

Section: Related Workmentioning

confidence: 99%

Unveiling the potential of Graph Neural Networks for robust Intrusion Detection

Pujol-Perich

Suárez-Varela

Cabellos‐Aparicio

et al. 2022

SIGMETRICS Perform. Eval. Rev.

View full text Add to dashboard Cite

show abstract

“…As a result, few recent works have explored the aggregation of network traffic into clusters (e.g., [21]) or graphs. In particular, [22,23] propose the use of graph learning to exploit the relationship among network connections, showing significant improvement for malware detection in mobile applications. Similarly, [24] approaches the problem of Botnet detection assuming visibility of the full botnet topology.…”

Section: Related Workmentioning

confidence: 99%