Abstract
With the rapid advancement of network technologies, ensuring the security of network communications has become increasingly critical. Network traffic anomaly detection plays a pivotal role in identifying irregularities that threaten the security, reliability, and stability of cyberspace services. Recently, deep learning-based approaches, particularly those utilizing Graph Neural Networks (GNNs), have gained attention due to their powerful representation learning capabilities. However, these methods are limited by the receptive field of GNNs and their ability to capture temporal feature dependencies, leaving room for performance improvement. To address these limitations, we propose a novel GNN with a pre-characterization mechanism using PageRank to enhance the receptive field and improve accuracy without over-smoothing. Additionally, we incorporate a temporal attention module to capture potential temporal dependencies in the data. Our experimental results demonstrate that our method achieves a detection accuracy of 98.3%, representing a performance boost of approximately 3% compared to existing approaches.
References
Majjed Al-Qatf, Lasheng Yu, Mohammed Al-Habib, and Kamal Al-Sabahi. Deep learning approach combining sparse autoencoder with SVM for network intrusion detection. IEEE Access, 6:52843–52856, 2018.
Chen Cai and Yusu Wang. A note on over-smoothing for graph neural networks. arXiv preprint arXiv:2006.13318, 2020.
Okan Can and Ozgur Koray Sahingoz. A survey of intrusion detection systems in wireless sensor networks. In 2015 6th International Conference on Modeling, Simulation, and Applied Optimization (ICMSAO), pages 1–6. IEEE, 2015.
Liyan Chang and Paula Branco. Graph-based solutions with residuals for intrusion detection: the modified e-graphsage and e-resgat algorithms. arXiv preprint, 2021.
Leyan Deng, Defu Lian, Zhenya Huang, and Enhong Chen. Graph convolutional adversarial networks for spatiotemporal anomaly detection. IEEE Transactions on Neural Networks and Learning Systems, 33(6):2416–2428, 2022.
Ozgur Depren, Murat Topallar, Emin Anarim, and M Kemal Ciliz. An intelligent intrusion detection system (ids) for anomaly and misuse detection in computer networks. Expert systems with Applications, 29(4):713–722, 2005.
Bo Dong and Xue Wang. Comparison deep learning method to traditional methods using for network intrusion detection. In 2016 8th IEEE International Conference on Communication Software and Networks (ICCSN), pages 581–585. IEEE, 2016.
Fahimeh Farahnakian and Jukka Heikkonen. A deep auto-encoder based approach for intrusion detection system. In ICACT, 2018.
Guoli Feng, Ning Wang, Xinnan Ha, Xiaobo Li, Run Ma, and Peng Lin. Traffic anomaly detection for smart grid based on hierarchical spatial-temporal feature learning. In BMSB, 2023.
Jordan Hochenbaum, Owen S Vallis, and Arun Kejariwal. Automatic anomaly detection in the cloud via statistical learning. arXiv preprint arXiv:1704.07706, 2017.
Sepp Hochreiter and Jürgen Schmidhuber. Long short-term memory. Neural Computation, 9(8):1735–1780, 1997.
Guanbo Jia, Paul Miller, Xin Hong, Harsha Kalutarage, and Tao Ban. Anomaly detection in network traffic using dynamic graph mining with a sparse autoencoder. In TrustCom/BigDataSE, 2019.
Nicolas Keriven. Not too little, not too much: a theoretical analysis of graph (over) smoothing. Advances in Neural Information Processing Systems, 35:2268–2281, 2022.
Ae Chan Kim, Mohyun Park, and Dong Hoon Lee. AI-IDS: application of deep learning to real-time web intrusion detection. IEEE Access, 8:70245–70261, 2020.
Jihyun Kim, Jaehyun Kim, Huong Le Thi Thu, and Howon Kim. Long short term memory recurrent neural network classifier for intrusion detection. In International Conference on Platform Technology and Service, pages 1–5, 2016.
Johannes Klicpera, Aleksandar Bojchevski, and Stephan Günnemann. Predict then propagate: Graph neural networks meet personalized pagerank. In ICLR, 2019.
Zhipeng Li, Zheng Qin, Kai Huang, Xiao Yang, and Shuxiong Ye. Intrusion detection using convolutional neural networks for representation learning. In International Conference on Neural Information Processing, pages 858–866. Springer, 2017.
Wei Lin, Chen Li, Li Xu, and Kun Xie. Enhanced network traffic anomaly detection: Integration of tensor eigenvector centrality with low-rank recovery models. IEEE Transactions on Services Computing, pages 1–16, 2024.
Dan Niu, Jin Zhang, Li Wang, Kaihong Yan, Tao Fu, and Xisong Chen. A network traffic anomaly detection method based on cnn and xgboost. In 2020 Chinese Automation Congress (CAC), pages 5453–5457, 2020.
Shuyu Pei, Jigang Wen, Kun Xie, Gaogang Xie, and Kenli Li. On-line network traffic anomaly detection based on tensor sketch. IEEE Transactions on Parallel and Distributed Systems, 34(12):3028–3045, 2023.
Luyu Qiu, Yi Yang, Caleb Chen Cao, Yueyuan Zheng, Hilary Ngai, Janet Hsiao, and Lei Chen. Generating perturbation-based explanations with robustness to out-of-distribution data. In Proceedings of the ACM Web Conference 2022, pages 3594–3605, 2022.
Nathan Shone, Tran Nguyen Ngoc, Vu Dinh Phai, and Qi Shi. A deep learning approach to network intrusion detection. IEEE Transactions on Emerging Topics in Computational Intelligence, 2(1):41–50, 2018.
Petar Veličković, Guillem Cucurull, Arantxa Casanova, Adriana Romero, Pietro Lio, and Yoshua Bengio. Graph attention networks. arXiv preprint, 2017.
R Vinayakumar, KP Soman, and Prabaharan Poornachandran. Applying convolutional neural network for network intrusion detection. In 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pages 1222–1228. IEEE, 2017.
Bo Wang, Yang Su, Mingshu Zhang, and Junke Nie. A deep hierarchical network for packet-level malicious traffic detection. IEEE Access, 8:201728–201740, 2020.
Wei Wang, Yiqiang Sheng, Jinlin Wang, Xuewen Zeng, Xiaozhou Ye, Yongzhong Huang, and Ming Zhu. HAST-IDS: learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection. IEEE Access, 6:1792–1806, 2018.
Wenbin Yao, Bangli Pan, Yingying Hou, Xiaoyong Li, and Yamei Xia. An adaptive model filtering algorithm based on grubbs test in federated learning. Entropy, 25(5):715, 2023.
Chuanlong Yin, Yuefei Zhu, Jinlong Fei, and Xinzheng He. A deep learning approach for intrusion detection using recurrent neural networks. Ieee Access, 5:21954–21961, 2017.
Xingtao Zuo, Cheng Fang, and Ping Han. Network traffic anomaly detection based on spatio-temporal dynamic graph. In ICEIEC, 2024.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Copyright (c) 2025 Journal of Cyber Security and Mobility