EG-ConMix: An Intrusion Detection Method based on Graph Contrastive Learning

Bibliographic Details
Main Authors Wu, Lijin, Lei, Shanshan, Liao, Feilong, Zheng, Yuanjun, Liu, Yuxin, Fu, Wentao, Song, Hao, Zhou, Jiajun
Format Journal Article
Language English
Published 24.03.2024
Abstract As the number of IoT devices increases, security concerns become more prominent. The impact of threats can be minimized by deploying a Network Intrusion Detection System (NIDS) that monitors network traffic, detects and discovers intrusions, and issues security alerts promptly. Most intrusion detection research in recent years has been directed towards the pair of traffic itself without considering the interrelationships among them, thus limiting the monitoring of complex IoT network attack events. Besides, anomalous traffic in real networks accounts for only a small fraction, which leads to a severe imbalance problem in the dataset that makes algorithmic learning and prediction extremely difficult. In this paper, we propose an EG-ConMix method based on E-GraphSAGE, incorporating a data augmentation module to fix the problem of data imbalance. In addition, we incorporate contrastive learning to discern the difference between normal and malicious traffic samples, facilitating the extraction of key features. Extensive experiments on two publicly available datasets demonstrate the superior intrusion detection performance of EG-ConMix compared to state-of-the-art methods. Remarkably, it exhibits significant advantages in terms of training speed and accuracy for large-scale graphs.
Copyright http://arxiv.org/licenses/nonexclusive-distrib/1.0
DOI 10.48550/arxiv.2403.17980
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed false
IsScholarly false
OpenAccessLink https://arxiv.org/abs/2403.17980
SecondaryResourceType preprint
SourceType Open Access Repository
SubjectTerms Computer Science - Cryptography and Security
Computer Science - Learning