Anomaly detection of traffic session based on graph neural network

Peng Du, Chengwei Peng, Peng Xiang, Qingshan Li
Published in: Proceedings of the 2022 International Conference on Cyber Security
Publication date: 2022-12-16
DOI: 10.1145/3584714.3584715 (https://doi.org/10.1145/3584714.3584715)
Citations: 0

Abstract

In recent years, with the development of network technology, methods of network security threats have emerged endlessly. Most existing network anomaly detection research cannot meet the requirements of network security detection. The traditional network anomaly detection methods based on static rule matching and machine learning do not perform well in complex and dynamic network environments, and they are highly dependent on statistical features designed by experts in the specific domain. This paper proposes a traffic session anomaly detection method based on a graph neural network, called TSGNN, which extracts the protocol features from the original Packet Capture (PCAP) file and forms the session representation, further uses the gated recurrent unit (GRU) to extract the internal characteristics of the traffic data protocol fields, then constructs a directed graph from session packet structure relationships and uses the graph neural network model to learn association features between graph nodes, and finally inputs the graph representation feature vector into a fully connected network layer for classification. The experimental results show that our method is superior to the existing research in the evaluation indicators on the CSE-CIC-IDS2018 datasets.