基于双重图神经网络和自编码器的网络异常检测

doi:10.3969/j.issn.1671-1122.2023.09.001

摘要/Abstract

摘要：

图神经网络在网络异常检测领域中的应用大多集中于单点特征的提取，忽略了连续流量之间的关联性的特点，文章提出了一种基于双重图神经网络和自编码器的网络异常检测方法DGCNAE。该方法首先对通信数据进行图构建和子图划分，然后将子图送入两层图卷积神经网络，分别对点和边进行特征提取，最后采用无监督学习方法对划分出的子图进行训练。通过对子图划分时间间隔和迭代次数进行迭代实验，得出效果最佳的子图划分时间间隔和迭代次数，并在3个典型数据集上与已有算法进行对比实验，实验结果表明，该方法具有更高的准确率和泛化能力。

关键词: 异常检测, 图神经网络, 自编码器

Abstract:

Considering the application of graph neural networks in the field of network anomaly detection mostly focused on the extraction of single point features, while ignoring the correlation features between continuous messages. This paper proposed a network anomaly detection method based on dual graph convolutional networks and autoencoders. This method first constructed the graph and divided the subgraph of the communication data, then sent the subgraph into the two-layer graph convolution neural network to extract the features of points and edges respectively, and finally used the unsupervised learning method to train the divided subgraph. In the experimental part, through the iterative experiment on the subgraph division time interval and iteration times, the subgraph division time interval and iteration times with the best effect were obtained. Comparative experiments with traditional algorithms on three data sets showed that our scheme is more accurate and has stronger generalization.

Key words: anomaly detection, graph neural network, autoencoder

中图分类号:

TP309

秦中元, 马楠, 余亚聪, 陈立全. 基于双重图神经网络和自编码器的网络异常检测[J]. 信息网络安全, 2023, 23(9): 1-11.

QIN Zhongyuan, MA Nan, YU Yacong, CHEN Liquan. Network Anomaly Detection Based on Dual Graph Convolutional Network and Autoencoders[J]. Netinfo Security, 2023, 23(9): 1-11.

图/表 11

图1

图2

图3

图4

表1

表2

表3

图5

图6

表4

图7

参考文献 25

[1]	YOST J R. The March of IDES: Early History of Intrusion-Detection Expert Systems[J]. IEEE Annals of the History of Computing, 2016, 38(4): 42-54.
[2]	JAMES G, WITTEN D, HASTIE T, et al. An Introduction to Statistical Learning: With Applications in R[M]. New York: Springer, 2021.
[3]	THAKKAR A, LOHIYA R. A Review on Machine Learning and Deep Learning Perspectives of IDS for IoT: Recent Updates, Security Issues, and Challenges[J]. Archives of Computational Methods in Engineering, 2021, 28(4): 3211-3243. doi: 10.1007/s11831-020-09496-0
[4]	VINAYAKUMAR R, ALAZAB M, SOMAN K P, et al. Deep Learning Approach for Intelligent Intrusion Detection System[J]. IEEE Access, 2019, 7: 41525-41550. doi: 10.1109/ACCESS.2019.2895334
[5]	ESWARAN D, FALOUTSOS C. SedanSpot: Detecting Anomalies in Edge Streams[C]// IEEE. 2018 IEEE International Conference on Data Mining (ICDM). New York: IEEE, 2018: 953-958.
[6]	ZHU Huidi, LU Jialiang. Graph-Based Intrusion Detection System Using General Behavior Learning[C]// IEEE. GLOBECOM 2022-2022 IEEE Global Communications Conference. New York: IEEE, 2022: 2621-2626.
[7]	YAO Yepeng, SU Liya, LU Zhigang. DeepGFL: Deep Feature Learning via Graph for Attack Detection on Flow-Based Network Traffic[C]// IEEE. MILCOM 2018-2018 IEEE Military Communications Conference (MILCOM). New York: IEEE, 2018: 579-584.
[8]	FANG Yong, WANG Congshuang, FANG Zhiyang, et al. LMTracker: Lateral Movement Path Detection Based on Heterogeneous Graph Embedding[J]. Neurocomputing, 2022, 474: 37-47. doi: 10.1016/j.neucom.2021.12.026 URL
[9]	WU Zonghua, PAN Shirui, CHEN Fengwen, et al. A Comprehensive Survey on Graph Neural Networks[J]. IEEE Transactions on Neural Networks and Learning Systems, 2020, 32(1): 4-24. doi: 10.1109/TNNLS.5962385 URL
[10]	CAVILLE E, LO W W, LAYEGHY S, et al. Anomal-E: A Self-Supervised Network Intrusion Detection System Based on Graph Neural Networks[J]. Knowledge-Based Systems, 2022, 258: 1-12.
[11]	KIPF T N, WELLING M. Semi-Supervised Classification with Graph Convolutional Networks[EB/OL]. (2016-09-09)[2023-05-13]. https://arxiv.org/abs/1609.02907.
[12]	LIU Jie, LI Xiwang. Anomaly Detection Algorithm in Industrial Control Network Based on Graph Neural Network[J]. Computer Systems & Applications, 2020, 29(12): 234-238.
	刘杰, 李喜旺. 基于图神经网络的工控网络异常检测算法[J]. 计算机系统应用, 2020, 29(12): 234-238.
[13]	TANG Qiuhang, CHEN Huadong, GE Binbin, et al. AIGCN: Attack Intention Detection for Power System Using Graph Convolutional Networks[J]. Journal of Signal Processing Systems, 2022, 94(11): 1119-1127. doi: 10.1007/s11265-021-01724-5
[14]	POURHABIBI T, ONG K L, KAM B, et al. Fraud Detection: A Systematic Literature Review of Graph-Based Anomaly Detection Approaches[J]. Decision Support Systems, 2020, 133: 1-15.
[15]	KIM H, LEE B S, SHIN W Y, et al. Graph Anomaly Detection with Graph Neural Networks: Current Status and Challenges[J]. IEEE Access, 2022, 10: 111820-111829. doi: 10.1109/ACCESS.2022.3211306 URL
[16]	DING Qingfeng, LI Jinguo. A Distributed Abnormal Traffic Detection Scheme in the Internet of Things Environment[J]. Computer Engineering, 2022, 48(8): 152-159. doi: 10.19678/j.issn.1000-3428.0063284
	丁庆丰, 李晋国. 一种物联网环境下的分布式异常流量检测方案[J]. 计算机工程, 2022, 48(8): 152-159. doi: 10.19678/j.issn.1000-3428.0063284
[17]	ZOLA F, SEGUROLA-GIL L, BRUSE J L, et al. Network Traffic Analysis through Node Behaviour Classification: A Graph-Based Approach with Temporal Dissection and Data-Level Preprocessing[J]. Computers & Security, 2022, 115: 1-17.
[18]	LO W W, LAYEGHY S, SARHAN M. E-GraphSAGE: A Graph Neural Network Based Intrusion Detection System for IoT[C]// IEEE/IFIP. 2022 IEEE/IFIP Network Operations and Management Symposium (NOMS 2022). New York: IEEE, 2022: 1-9.
[19]	LIU Jinpeng. Network Security Protection Based on Machine Learning Technology[J]. Cybersecurity, 2018, 9(9): 96-102.
	刘金鹏. 基于机器学习技术的网络安全防护[J]. 网络空间安全, 2018, 9(9): 96-102.
[20]	EDDAHMANI I, PHAM C H, NAPOLEON T, et al. Unsupervised Learning of Disentangled Representation via Auto-Encoding: A Survey[J]. Sensors, 2023, 23(4): 1-19. doi: 10.3390/s23010001 URL
[21]	SAKURADA M, YAIRI T. Anomaly Detection Using Autoencoders with Nonlinear Dimensionality Reduction[C]// MLSDA. Proceedings of the MLSDA 2014 2nd Workshop on Machine Learning for Sensory Data Analysis. New York: ACM, 2014: 4-11.
[22]	NOBLE C C, COOK D J. Graph-Based Anomaly Detection[C]// ACM SIGKDD. The Ninth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York: ACM, 2003: 631-636.
[23]	PEROZZI B, AL-RFOU R, SKIENA S. DeepWalk: Online Learning of Social Representations[C]// ACM SIGKDD. The 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York: ACM, 2014: 701-710.
[24]	HAMILTON W, YING R, LESKOVEC J, et al. Inductive Representation Learning on Large Graphs[J]. Neural Information Processing Systems, 2017, 1(2): 1024-1034.
[25]	ESWARAN D, FALOUTSIS C, GUHA S, et al. SpotLight: Detecting Anomalies in Streaming Graphs[C]// ACM SIGKDD. KDD '18: Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. New York: ACM, 2018: 1378-1386.

数据集	节点数量/个	边数量/条	是否含有标签
IDS2017	9015	692703	是
Reddit	55863	858490	是
Digg	30360	85155	否

参数	取值	参数含义
Epochs	200	训练轮次
Seed	40	种子数
Hidden_units	16	隐含层单元数量
Dropout	0.5	随机失活率
Learning rate	0.001	模型的学习率
Weight_decay	5e-4	权重衰减系数

参数	取值	参数含义
Input_dim	32	输入X的维度
Latent_dim	10-2-10	隐含层的维度
Train_iter	500	迭代次数
Learning rate	0.001	模型的学习率
Batch-Size	32	每次训练的数据量
Sigmoid	ReLU	激活函数
Optimizer	Adam	优化器

方法	IDS2017	Reddit	Digg
DeepWalk	70.3%	35.4%	69.8%
GraphSage	88.1%	82.2%	67.6%
Spotlight	86.4%	83.1%	75.3%
DGCNAE	94.3%	90.6%	83.8%