Anomal-E: A Self-Supervised Network Intrusion Detection System based on Graph Neural Networks

Authors: Evan Caville, Wai Weng Lo, Siamak Layeghy, Marius Portmann
Journal: Knowl. Based Syst.

This paper investigates the application of Graph Neural Networks (GNNs) for self-supervised intrusion and anomaly detection in computer networks. GNNs are a deep learning approach for graph-based data that incorporate graph structures into learning to generalise graph representations and output embeddings. As traffic flows in computer networks naturally exhibit a graph structure, GNNs are a suitable fit in this context. The majority of current implementations of GNN-based Network Intrusion Detection…

E-GraphSAGE: A Graph Neural Network based Intrusion Detection System for IoT

This proposal is the first successful, practical, and extensively evaluated approach of applying GNNs on the problem of network intrusion detection for IoT using flow-based data, and outperforms the state-of-the-art in terms of key classification metrics.

Graph-based Solutions with Residuals for Intrusion Detection: the Modified E-GraphSAGE and E-ResGAT Algorithms

Two novel graph-based solutions for intrusion detection are presented, the modified E-GraphSAGE and E-ResGAT algorithms, which rely on the established GraphSAGE and graph attention network (GAT), respectively, and integrate residual learning into the GNN, leveraging the available graph information.

Towards Network Anomaly Detection Using Graph Embedding

This work proposes a novel network anomaly detection method that can use latent features in graphs and reduce the false positive rate of anomaly detection, and has the ability to detect unknown attacks.

NetFlow Datasets for Machine Learning-based Network Intrusion Detection Systems

Preliminary results indicate that NetFlow features lead to similar binary-class results and lower multi-class classification results amongst the four datasets compared to their respective original features datasets.

On Generalisability of Machine Learning-based Network Intrusion Detection Systems

This paper investigates the generalisability property of ML-based NIDSs by extensively evaluating seven supervised and unsupervised learning models on four recently published benchmark NIDS datasets and indicates that none of the considered models is able to generalise over all studied datasets.

Towards a Standard Feature Set for Network Intrusion Detection System Datasets

The proposed NetFlow-based NIDS feature set, together with four benchmark datasets, allows a fair comparison of ML-based network traffic classifiers across different NIDS datasets and can help bridge the gap between academic research and the practical deployment of such systems.

Sec2graph: Network Attack Detection Based on Novelty Detection on Graph Structured Data

This paper introduces a unified and unique graph representation called security objects’ graphs, which mixes and links events of different kinds and allows a rich description of the activities to be analyzed, and proposes an unsupervised learning approach based on auto-encoder to detect anomalies in these graphs.

Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization

A reliable dataset is produced that contains benign and seven common attack network flows, meets real-world criteria and is publicly available; the performance of a comprehensive set of network traffic features and machine learning algorithms is also evaluated to indicate the best set of features for detecting certain attack categories.