Dynamic anomaly detection using In-band Network Telemetry and GCN for cloud–edge collaborative networks

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-03-26 DOI:10.1016/j.cose.2025.104422

Jinchuan Pei , Yuxiang Hu , Le Tian , Xinglong Pei , Zihao Wang

{"title":"Dynamic anomaly detection using In-band Network Telemetry and GCN for cloud–edge collaborative networks","authors":"Jinchuan Pei , Yuxiang Hu , Le Tian , Xinglong Pei , Zihao Wang","doi":"10.1016/j.cose.2025.104422","DOIUrl":null,"url":null,"abstract":"<div><div>In the intelligent era of the Internet of Everything, the cloud–edge collaborative network architecture solves the data storage and computing problems caused by the exponential growth of terminal data. However, at the same time, the network attack situation is becoming increasingly severe and the types of network anomalies are complex and diverse. The traffic characteristic information collected in traditional network security situation analysis is single and coarse in granularity, which makes it difficult to completely reflect the original traffic and network equipment status. Moreover, the collection of a large amount of fine-grained telemetry data generates substantial telemetry overhead, which hinders the efficient detection of network anomalies and malicious intrusions. To solve this problem, we propose a dynamic anomaly detection method using In-band Network Telemetry (INT) and GCN for cloud–edge collaborative networks, which flexibly and efficiently collects network state information to identify network anomalies and network intrusions. Firstly, we design an anomaly telemetry architecture for cloud–edge collaborative networks and use in-band network telemetry technology of programmable network to extract network characteristic information, and then use dynamic telemetry mechanism to extract network situation elements on demand, so as to quickly identify network anomalies by information entropy method in the edge layer. According to the identified network anomaly information, we deeply telemetry the abnormal position and design a novel Graph Convolutional Network (GCN) that aggregates anomaly information named AGCN in the cloud layer, and analyze whether there is malicious intrusion by combining spatiotemporal dimensions, so that network administrators can accurately grasp the network security situation and discover malicious intrusion in time. The experimental results show that the proposed method can quickly identify network anomalies and detect network intrusions, which can quickly converge while saving telemetry overhead, and the detection accuracy of network intrusions can reach 98.69%.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104422"},"PeriodicalIF":4.8000,"publicationDate":"2025-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825001117","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

In the intelligent era of the Internet of Everything, the cloud–edge collaborative network architecture solves the data storage and computing problems caused by the exponential growth of terminal data. However, at the same time, the network attack situation is becoming increasingly severe and the types of network anomalies are complex and diverse. The traffic characteristic information collected in traditional network security situation analysis is single and coarse in granularity, which makes it difficult to completely reflect the original traffic and network equipment status. Moreover, the collection of a large amount of fine-grained telemetry data generates substantial telemetry overhead, which hinders the efficient detection of network anomalies and malicious intrusions. To solve this problem, we propose a dynamic anomaly detection method using In-band Network Telemetry (INT) and GCN for cloud–edge collaborative networks, which flexibly and efficiently collects network state information to identify network anomalies and network intrusions. Firstly, we design an anomaly telemetry architecture for cloud–edge collaborative networks and use in-band network telemetry technology of programmable network to extract network characteristic information, and then use dynamic telemetry mechanism to extract network situation elements on demand, so as to quickly identify network anomalies by information entropy method in the edge layer. According to the identified network anomaly information, we deeply telemetry the abnormal position and design a novel Graph Convolutional Network (GCN) that aggregates anomaly information named AGCN in the cloud layer, and analyze whether there is malicious intrusion by combining spatiotemporal dimensions, so that network administrators can accurately grasp the network security situation and discover malicious intrusion in time. The experimental results show that the proposed method can quickly identify network anomalies and detect network intrusions, which can quickly converge while saving telemetry overhead, and the detection accuracy of network intrusions can reach 98.69%.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.