Efficient Network Representation for GNN-Based Intrusion Detection

Hamdi Friji; Alexis Olivereau; Mireille Sarkiss

doi:10.1007/978-3-031-33488-7_20

Efficient Network Representation for GNN-Based Intrusion Detection

Hamdi Friji, Alexis Olivereau, Mireille Sarkiss

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The last decades have seen a growth in the number of cyber-attacks with severe economic and privacy damages, which reveals the need for network intrusion detection approaches to assist in preventing cyber-attacks and reducing their risks. In this work, we propose a novel network representation as a graph of flows that aims to provide relevant topological information for the intrusion detection task, such as malicious behavior patterns, the relation between phases of multi-step attacks, and the relation between spoofed and pre-spoofed attackers’ activities. In addition, we present a Graph Neural Network (GNN) based-framework responsible for exploiting the proposed graph structure to classify communication flows by assigning them a maliciousness score. The framework comprises three main steps that aim to embed nodes’ features and learn relevant attack patterns from the network representation. Finally, we highlight a potential data leakage issue with classical evaluation procedures and suggest a solution to ensure a reliable validation of intrusion detection systems’ performance. We implement the proposed framework and prove that exploiting the flow-based graph structure outperforms the classical machine learning-based and the previous GNN-based solutions.

Original language	English
Title of host publication	Applied Cryptography and Network Security - 21st International Conference, ACNS 2023, Proceedings
Editors	Mehdi Tibouchi, XiaoFeng Wang
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	532-554
Number of pages	23
ISBN (Print)	9783031334870
DOIs	https://doi.org/10.1007/978-3-031-33488-7_20
Publication status	Published - 1 Jan 2023
Event	21st International Conference on Applied Cryptography and Network Security, ACNS 2023 - Kyoto, Japan Duration: 19 Jun 2023 → 22 Jun 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13905 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st International Conference on Applied Cryptography and Network Security, ACNS 2023
Country/Territory	Japan
City	Kyoto
Period	19/06/23 → 22/06/23

Keywords

Artificial Intelligence
Cybersecurity
Graph Neural Network
Graph Theory
Intrusion Detection

Access to Document

10.1007/978-3-031-33488-7_20

Cite this

Friji, H., Olivereau, A., & Sarkiss, M. (2023). Efficient Network Representation for GNN-Based Intrusion Detection. In M. Tibouchi, & X. Wang (Eds.), Applied Cryptography and Network Security - 21st International Conference, ACNS 2023, Proceedings (pp. 532-554). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13905 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-33488-7_20

Friji, Hamdi ; Olivereau, Alexis ; Sarkiss, Mireille. / Efficient Network Representation for GNN-Based Intrusion Detection. Applied Cryptography and Network Security - 21st International Conference, ACNS 2023, Proceedings. editor / Mehdi Tibouchi ; XiaoFeng Wang. Springer Science and Business Media Deutschland GmbH, 2023. pp. 532-554 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{7a4bdccffb394785b087ddf6592d163b,

title = "Efficient Network Representation for GNN-Based Intrusion Detection",

abstract = "The last decades have seen a growth in the number of cyber-attacks with severe economic and privacy damages, which reveals the need for network intrusion detection approaches to assist in preventing cyber-attacks and reducing their risks. In this work, we propose a novel network representation as a graph of flows that aims to provide relevant topological information for the intrusion detection task, such as malicious behavior patterns, the relation between phases of multi-step attacks, and the relation between spoofed and pre-spoofed attackers{\textquoteright} activities. In addition, we present a Graph Neural Network (GNN) based-framework responsible for exploiting the proposed graph structure to classify communication flows by assigning them a maliciousness score. The framework comprises three main steps that aim to embed nodes{\textquoteright} features and learn relevant attack patterns from the network representation. Finally, we highlight a potential data leakage issue with classical evaluation procedures and suggest a solution to ensure a reliable validation of intrusion detection systems{\textquoteright} performance. We implement the proposed framework and prove that exploiting the flow-based graph structure outperforms the classical machine learning-based and the previous GNN-based solutions.",

keywords = "Artificial Intelligence, Cybersecurity, Graph Neural Network, Graph Theory, Intrusion Detection",

author = "Hamdi Friji and Alexis Olivereau and Mireille Sarkiss",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 21st International Conference on Applied Cryptography and Network Security, ACNS 2023 ; Conference date: 19-06-2023 Through 22-06-2023",

year = "2023",

month = jan,

day = "1",

doi = "10.1007/978-3-031-33488-7\_20",

language = "English",

isbn = "9783031334870",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "532--554",

editor = "Mehdi Tibouchi and XiaoFeng Wang",

booktitle = "Applied Cryptography and Network Security - 21st International Conference, ACNS 2023, Proceedings",

}

Friji, H, Olivereau, A & Sarkiss, M 2023, Efficient Network Representation for GNN-Based Intrusion Detection. in M Tibouchi & X Wang (eds), Applied Cryptography and Network Security - 21st International Conference, ACNS 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13905 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 532-554, 21st International Conference on Applied Cryptography and Network Security, ACNS 2023, Kyoto, Japan, 19/06/23. https://doi.org/10.1007/978-3-031-33488-7_20

Efficient Network Representation for GNN-Based Intrusion Detection. / Friji, Hamdi; Olivereau, Alexis; Sarkiss, Mireille.
Applied Cryptography and Network Security - 21st International Conference, ACNS 2023, Proceedings. ed. / Mehdi Tibouchi; XiaoFeng Wang. Springer Science and Business Media Deutschland GmbH, 2023. p. 532-554 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13905 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Efficient Network Representation for GNN-Based Intrusion Detection

AU - Friji, Hamdi

AU - Olivereau, Alexis

AU - Sarkiss, Mireille

PY - 2023/1/1

Y1 - 2023/1/1

N2 - The last decades have seen a growth in the number of cyber-attacks with severe economic and privacy damages, which reveals the need for network intrusion detection approaches to assist in preventing cyber-attacks and reducing their risks. In this work, we propose a novel network representation as a graph of flows that aims to provide relevant topological information for the intrusion detection task, such as malicious behavior patterns, the relation between phases of multi-step attacks, and the relation between spoofed and pre-spoofed attackers’ activities. In addition, we present a Graph Neural Network (GNN) based-framework responsible for exploiting the proposed graph structure to classify communication flows by assigning them a maliciousness score. The framework comprises three main steps that aim to embed nodes’ features and learn relevant attack patterns from the network representation. Finally, we highlight a potential data leakage issue with classical evaluation procedures and suggest a solution to ensure a reliable validation of intrusion detection systems’ performance. We implement the proposed framework and prove that exploiting the flow-based graph structure outperforms the classical machine learning-based and the previous GNN-based solutions.

AB - The last decades have seen a growth in the number of cyber-attacks with severe economic and privacy damages, which reveals the need for network intrusion detection approaches to assist in preventing cyber-attacks and reducing their risks. In this work, we propose a novel network representation as a graph of flows that aims to provide relevant topological information for the intrusion detection task, such as malicious behavior patterns, the relation between phases of multi-step attacks, and the relation between spoofed and pre-spoofed attackers’ activities. In addition, we present a Graph Neural Network (GNN) based-framework responsible for exploiting the proposed graph structure to classify communication flows by assigning them a maliciousness score. The framework comprises three main steps that aim to embed nodes’ features and learn relevant attack patterns from the network representation. Finally, we highlight a potential data leakage issue with classical evaluation procedures and suggest a solution to ensure a reliable validation of intrusion detection systems’ performance. We implement the proposed framework and prove that exploiting the flow-based graph structure outperforms the classical machine learning-based and the previous GNN-based solutions.

KW - Artificial Intelligence

KW - Cybersecurity

KW - Graph Neural Network

KW - Graph Theory

KW - Intrusion Detection

U2 - 10.1007/978-3-031-33488-7_20

DO - 10.1007/978-3-031-33488-7_20

M3 - Conference contribution

AN - SCOPUS:85163323920

SN - 9783031334870

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 532

EP - 554

BT - Applied Cryptography and Network Security - 21st International Conference, ACNS 2023, Proceedings

A2 - Tibouchi, Mehdi

A2 - Wang, XiaoFeng

PB - Springer Science and Business Media Deutschland GmbH

T2 - 21st International Conference on Applied Cryptography and Network Security, ACNS 2023

Y2 - 19 June 2023 through 22 June 2023

ER -

Friji H, Olivereau A, Sarkiss M. Efficient Network Representation for GNN-Based Intrusion Detection. In Tibouchi M, Wang X, editors, Applied Cryptography and Network Security - 21st International Conference, ACNS 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 532-554. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-33488-7_20