DOI: 10.1145/3664476.3664515
research-article
Open access

GNN-IDS: Graph Neural Network based Intrusion Detection System

Published: 30 July 2024

Abstract

Intrusion detection systems (IDSs) are widely used to identify anomalies in computer networks and raise alarms on intrusive behaviors. ML-based IDSs generally take network traces or host logs as input to extract patterns from individual samples, whereas the inter-dependencies within the network are often not captured and learned, which may result in large amounts of uncertain predictions, false positives, and false negatives. To tackle the challenges in intrusion detection, we propose a graph neural network-based intrusion detection system (GNN-IDS), which is data-driven and machine learning-empowered. In our proposed GNN-IDS, the attack graph and real-time measurements that represent static and dynamic attributes of computer networks, respectively, are incorporated and associated to represent complex computer networks. Graph neural networks are employed as the inference engine for intrusion detection. By learning network connectivity, graph neural networks can quantify the importance of neighboring nodes and node features to make more reliable predictions. Furthermore, by incorporating an attack graph, GNN-IDS could not only detect anomalies but also identify the malicious actions causing the anomalies. The experimental results on a use case network with two synthetic datasets (one generated from public IDS data) show that the proposed GNN-IDS achieves good performance. The results are analyzed from the aspects of uncertainty, explainability, and robustness.


    Published In

    ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
    July 2024
    2032 pages
    ISBN:9798400717185
    DOI:10.1145/3664476
    This work is licensed under a Creative Commons Attribution International 4.0 License.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Explainability
    2. Graph Neural Network
    3. Intrusion Detection System
    4. Robustness
    5. Uncertainty

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Funding Sources

    • eSSENCE

    Conference

    ARES 2024

    Acceptance Rates

    Overall Acceptance Rate 228 of 451 submissions, 51%

    Article Metrics

    • Total Citations: 0
    • Total Downloads: 1,259
    • Downloads (Last 12 months): 1,259
    • Downloads (Last 6 weeks): 489

    Reflects downloads up to 15 Jan 2025
