基于免疫仿生机理和图神经网络的网络异常检测方法

doi:10.3969/j.issn.1671-1122.2021.08.002

信息网络安全 ›› 2021, Vol. 21 ›› Issue (8): 10-16.doi: 10.3969/j.issn.1671-1122.2021.08.002

基于免疫仿生机理和图神经网络的网络异常检测方法

秦中元¹^,²(), 胡宁¹^,², 方兰婷¹^,²^,³

1.东南大学网络空间安全学院,南京 211189
2.移动信息通信与安全前沿科学中心,南京 211189
3.紫金山实验室,南京 211189

收稿日期:2021-05-17 出版日期:2021-08-10 发布日期:2021-09-01
通讯作者: 秦中元 E-mail:zyqin@seu.edu.cn
作者简介:秦中元（1974—）,男,河南,副教授,博士,主要研究方向为人工智能、无线网络安全|胡宁（1996—）,女,辽宁,硕士研究生,主要研究方向为网络安全、机器学习|方兰婷（1990—）,女,安徽,讲师,博士,主要研究方向为内生安全技术、舆情检测技术
基金资助:
国家自然科学基金(61906039)

Network Anomaly Detection Method Based on Immune Bionic Mechanism and Graph Neural Network

QIN Zhongyuan¹^,²(), HU Ning¹^,², FANG Lanting¹^,²^,³

1. School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China
2. Frontiers Science Center for Mobile Information Communication and Security, Nanjing 211189, China
3. Purple Mountain Laboratory, Nanjing 211189, China

Received:2021-05-17 Online:2021-08-10 Published:2021-09-01
Contact: QIN Zhongyuan E-mail:zyqin@seu.edu.cn

摘要/Abstract

摘要：

文章通过模仿生物系统的防御风险机制,提出一种基于免疫仿生机理和图神经网络的网络异常检测方法。通过图神经网络对节点附近的子图信息进行深度挖掘,在考虑网络内容特征的同时,将基于图的结构特征融入模型,共同作为网络异常检测依据,更好地挖掘网络中的异常信息。同时在网络异常检测中融入图表示学习技术,以解决特征表示问题。文章基于IDS2017数据集、Cora数据集和Reddit数据集进行实验,结果表明,该方法能够更好地挖掘网络中的异常,提高异常检测准确度。

关键词: 网络异常检测, 免疫仿生, 节点, 图神经网络, 图表示学习

Abstract:

This paper proposes a network anomaly detection method based on immune bionic mechanism and graph neural network by imitating the risk prevention mechanism of biological system, which uses graph neural network to deeply mine the sub graph information near the node. While considering the content features of the network, the structural features based on graph were integrated into the model, which can be used as the basis of anomaly detection in the network, so as to better mine the anomaly information in the network. At the same time, graph representation learning technology was integrated into network anomaly detection to solve the problem of feature representation. Based on CICIDS2017 dataset, Cora dataset and Reddit dataset, the experimental results show that this method can better mine network anomalies and improve the accuracy of anomaly detection.

Key words: network anomaly detection, immune bionic, node, graph neural network, graph representation learning

中图分类号:

TP309

秦中元, 胡宁, 方兰婷. 基于免疫仿生机理和图神经网络的网络异常检测方法[J]. 信息网络安全, 2021, 21(8): 10-16.

QIN Zhongyuan, HU Ning, FANG Lanting. Network Anomaly Detection Method Based on Immune Bionic Mechanism and Graph Neural Network[J]. Netinfo Security, 2021, 21(8): 10-16.

图/表 5

参考文献 16

[1]	XIN Zhuang. Research on Intrusion Detection Method Based on Artificial Immune[D]. Guizhou: Guizhou University, 2019.
	辛壮. 基于人工免疫的入侵检测方法的研究[D]. 贵州:贵州大学, 2019.
[2]	ESWARAN D, FALOUTSOS C. Sedanspot: Detecting Anomalies in Edge Streams[EB/OL]. https://ieeexplore.ieee.org/document/8594926 , 2021-01-02.
[3]	ESWARAN D, FALOUTSOS C, GUHA S, et al. Spotlight: Detecting Anomalies in Streaming Graphs[EB/OL]. https://dl.acm.org/doi/10.1145/3219819.3220040 , 2020-12-12.
[4]	PEROZZI B, AL-RFOU R, SKIENA S. Deepwalk: Online Learning of Social Representations[EB/OL]. https://dl.acm.org/doi/10.1145/2623330.2623732 , 2020-11-12.
[5]	WU Zonghan, PAN Shirui, CHEN Fengwen, et al. A Comprehensive Survey on Graph Neural Networks[J]. IEEE Transactions on Neural Networks and Learning Systems, 2021, 32(1):4-24. doi: 10.1109/TNNLS.5962385 URL
[6]	LIU Weiwen, ZHANG Yin, WANG Jianling, et al. Item Relationship Graph Neural Networks for E-commerce[EB/OL]. https://ieeexplore.ieee.org/document/9372806 , 2020-11-12.
[7]	ZHANG Lu, ZHANG Jian, LI Zhibin, et al. Towards Better Graph Representation: Two-branch Collaborative Graph Neural Networks for Multimodal Marketing Intention Detection[EB/OL]. https://ieeexplore.ieee.org/document/9102918 , 2020-11-12.
[8]	WU Yao, SONG Yu, HUANG Hong, et al. Enhancing Graph Neural Networks via Auxiliary Training for Semi-supervised Node Classification[EB/OL]. https://www.sciencedirect.com/science/article/abs/pii/S0950705121001477 , 2021-01-11.
[9]	HENAFF M, BRUNA J, LECUN Y. Deep Convolutional Networks on Graph-structured Data[EB/OL]. https://arxiv.org/abs/1506.05163 , 2020-12-11.
[10]	VELIČKOVIĆ P, CUCURULL G, CASANOVA A, et al. Graph Attention Networks[EB/OL]. https://arxiv.org/abs/1710.10903 , 2020-11-11.
[11]	GILMER J, SCHOENHOLZ S S, RILEY P F, et al. Neural Message Passing for Quantum Chemistry[EB/OL]. https://dl.acm.org/doi/10.5555/3305381.3305512 , 2020-12-11.
[12]	HAMILTON W L, YING R, LESKOVEC J. Inductive Representation Learning on Large Graphs[EB/OL]. https://dl.acm.org/doi/abs/10.5555/3294771.3294869 , 2020-12-11.
[13]	BELGHAZI M I, BARATIN A, RAJESWAR S, et al. Mine: Mutual Information Neural Estimation[EB/OL]. https://arxiv.org/abs/1801.04062 , 2020-11-11.
[14]	HJELM R D, FEDOROV A, LAVOIE-MARCHILDON S, et al. Learning Deep Representa-tions by Mutual Information Estimation and Maximization[EB/OL]. https://arxiv.org/abs/1808.06670 , 2020-11-11.
[15]	GILMER J, SCHOENHOLZ S S, RILEY P F, et al. Neural Message Passing for Quantum Chemistry[EB/OL]. https://dl.acm.org/doi/10.5555/3305381.3305512 , 2020-11-11.
[16]	HAMILTON W L, YING R, LESKOVEC J. Inductive Representation Learning on Large Graphs[EB/OL]. https://dl.acm.org/doi/abs/10.5555/3294771.3294869 , 2020-11-12.

数据集	节点数	边数	特征	类
IDS2017	9015	692703	80	2
Cora	2708	5429	1433	7
Reddit	231443	11606919	602	41

方法	IDS2017	Cora	Reddit
DeepWalk	71.2%	70.3%	32.4%
GCN	92.4%	78.8%	93.7%
GraphSage	73.1%	75.1%	89.2%
本文方法	98.7%	81.7%	94.1%

基于免疫仿生机理和图神经网络的网络异常检测方法

Network Anomaly Detection Method Based on Immune Bionic Mechanism and Graph Neural Network

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 16

相关文章 15

编辑推荐

Metrics

本文评价

[1]	谢四江, 高琼, 冯雁. 基于可信中继量子密钥分发网络的最少公共节点多路径路由方案[J]. 信息网络安全, 2021, 21(7): 35-42.
[2]	张凯, 刘京菊. 基于漏洞动态可利用性的网络入侵路径分析方法[J]. 信息网络安全, 2021, 21(4): 62-72.
[3]	余北缘, 刘建伟, 周子钰. 自组织网络环境下的节点认证机制研究[J]. 信息网络安全, 2020, 20(12): 9-18.
[4]	夏卓群, 曾悠优, 尹波, 徐明. 电力网络中基于物理信息的虚假数据入侵检测方法[J]. 信息网络安全, 2019, 19(4): 29-36.
[5]	蔡方博, 何泾沙, 朱娜斐, 韩松. 分布式访问控制模型中节点级联失效研究[J]. 信息网络安全, 2019, 19(12): 47-52.
[6]	魏成坤, 刘向东, 石兆军. 基于OAuth2.0的认证授权技术研究[J]. 信息网络安全, 2016, 16(9): 6-11.
[7]	罗旬, 严承华. 无线Mesh网络安全体系研究与设计[J]. 信息网络安全, 2015, 15(6): 61-66.
[8]	张玉婷1, 严承华, 魏玉人. 基于节点认证的物联网感知层安全性问题研究[J]. 信息网络安全, 2015, 15(11): 27-32.
[9]	夏业超, 梁琳, 杨大路, 夏正敏. 一种分布式网站状态监控机制研究[J]. 信息网络安全, 2014, 14(8): 88-91.
[10]	. 基于节点认证的物联网感知层信息安全传输机制的研究[J]. , 2014, 14(2): 53-.
[11]	王景中;凌晨. 基于节点认证的物联网感知层信息安全传输机制的研究[J]. , 2014, 14(2): 0-0.
[12]	沈长达;林艺滨;钱镜洁. HFS+删除文件恢复技术[J]. , 2013, 13(8): 0-0.
[13]	邢超;顾益军;任俊博. 藏文文本编码方案的识别算法[J]. , 2012, 12(12): 0-0.
[14]	李强;严承华. 基于直方图聚类的网络流量异常检测技术研究[J]. , 2012, 12(1): 0-0.
[15]	李超;李秋香;李春芳. 物联网安全保护与管理探究[J]. , 2011, 11(11): 0-0.