Title: $\mathsf{TCG}\text{-}\mathsf{IDS}$: Robust Network Intrusion Detection via Temporal Contrastive Graph Learning
Authors: Cong Wu; Jianfei Sun; Jing Chen; Mamoun Alazab; Yang Liu; Yang Xiang
DOI: 10.1109/TIFS.2025.3530702
Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 1475-1486
Publication date: 2025-01-20
Publication type: Journal Article
Impact factor: 6.3
JCR: Q1 (COMPUTER SCIENCE, THEORY & METHODS)
Region category: Computer Science (region 1)
Open access: no
Citation count: 0
Platform: Semanticscholar
URL: https://ieeexplore.ieee.org/document/10847774/

Abstract:
In the era of zero trust security models and next-generation networks (NGN), the primary challenge is that network nodes may be untrusted, even if they have been verified, necessitating continuous validation and scrutiny. Effective intrusion detection systems (IDS) are crucial for continuously monitoring network traffic and identifying potential threats. However, traditional IDS approaches often struggle to keep pace with evolving threats, requiring extensive supervised training on labeled datasets. This limitation leads to high false positive rates, low detection accuracy, and a failure to provide real-time detection, thereby undermining the security of NGNs. This paper proposes the first self-supervised learning-based IDS, built on a temporal contrastive graph neural network (GNN), namely $\mathsf{TCG}\text{-}\mathsf{IDS}$. It innovatively integrates three contrastive learning strategies: temporal contrasting to capture temporal dependencies, asymmetric contrasting to account for the diverse interactions within network data, and masked contrasting to enhance the learning of node representations by masking parts of the data during training. Performance evaluation was conducted on two publicly available network traffic datasets, NF-CSE-CIC-IDS2018-V2 and NF-UNSW-NB15-V2. $\mathsf{TCG}\text{-}\mathsf{IDS}$ achieved a balanced accuracy of 99.48% and 91.48% on the two datasets, respectively, significantly outperforming state-of-the-art graph learning models. In multi-class detection, $\mathsf{TCG}\text{-}\mathsf{IDS}$ attained a mean false positive rate of 4.15% and 3.34% on the two datasets, respectively. It is also highly efficient, with running times of 0.37 s and 0.51 s on the two datasets to predict a batch of 100 samples. The results highlight the effectiveness and efficiency of $\mathsf{TCG}\text{-}\mathsf{IDS}$ in accurately detecting various types of network intrusions. This work significantly advances the field of network intrusion detection via self-supervised temporal graph learning, offering a promising solution for future network security systems.
About the journal:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features.