Towards Network Anomaly Detection Using Graph Embedding

Xiao, Qingsai; Liu, Jian; Wang, Quiyun; Jiang, Zhengwei; Wang, Xuren; Yao, Yepeng

doi:10.1007/978-3-030-50423-6_12

Cited by 32 publications

(9 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Public datasets/software GNN-based solutions Point anomaly Secure water treatment (SWaT), water distribution system (WADI), and critical infrastructure security showdown (CISS) datasets [123], [124], [125] Contextual anomaly SWaT, WADI and BATADAL datasets, as well as the Xcos software and epanetCPA toolbox [124], [125], [126], [127], [128] Collective anomaly LITNET-2020, M2M Using OPC UA, WUSTL-IIoT-2018 and KDD 1999 datasets, as well as the Xcos software and the epanetCPA tool [129], [130], [131] fault flaw overheat defect Fig. 6.…”

Section: Type Of Anomaliesmentioning

confidence: 99%

“…Statistical features of the data, such as network traffic are very important for detecting contextual anomalies, but they were usually carried out manually using expert knowledge. To avoid manual extraction of statistical features, Xiao et al [127] developed an approach with two graphs: first-order graph and second-order graph. The former learns the latent features from a single entity such as a host or a variable, and the latter learns the latent features from a global point of view.…”

Section: B Contextualmentioning

confidence: 99%

See 1 more Smart Citation

Graph Neural Networks for Anomaly Detection in Industrial Internet of Things

Dai

Tang

2022

IEEE Internet Things J.

112

View full text Add to dashboard Cite

The Industrial Internet of Things (IIoT) plays an important role in digital transformation of traditional industries towards Industry 4.0. By connecting sensors, instruments and other industry devices to the Internet, IIoT facilitates the data collection, data analysis, and automated control, thereby improving the productivity and efficiency of the business as well as the resulting economic benefits. Due to the complex IIoT infrastructure, anomaly detection becomes an important tool to ensure the success of IIoT. Due to the nature of IIoT, graph-level anomaly detection has been a promising means to detect and predict anomalies in many different domains such as transportation, energy and factory, as well as for dynamically evolving networks. This paper provides a useful investigation on graph neural networks (GNN) for anomaly detection in IIoTenabled smart transportation, smart energy and smart factory. In addition to the GNN-empowered anomaly detection solutions on point, contextual, and collective types of anomalies, useful datasets, challenges and open issues for each type of anomalies in the three identified industry sectors (i.e., smart transportation, smart energy and smart factory) are also provided and discussed, which will be useful for future research in this area. To demonstrate the use of GNN in concrete scenarios, we show three case studies in smart transportation, smart energy, and smart factory, respectively.

show abstract

Section: Type Of Anomaliesmentioning

confidence: 99%

Section: B Contextualmentioning

confidence: 99%

Graph Neural Networks for Anomaly Detection in Industrial Internet of Things

Dai

Tang

2022

IEEE Internet Things J.

112

View full text Add to dashboard Cite

show abstract

“…In [22] the authors devise an IDS that, based on a double graph embedding, expand an original set of features into a new one containing graph embedding information. Their overall approach is vaguely similar to ours, however the embedding procedure and classification algorithms are not related.…”

Section: A Related Workmentioning

confidence: 99%

Unsupervised Abnormal Traffic Detection through Topological Flow Analysis

Irofti¹,

Pătraşcu²,

Hîji³

2022

Preprint

View full text Add to dashboard Cite

Cyberthreats are a permanent concern in our modern technological world. In the recent years, sophisticated traffic analysis techniques and anomaly detection (AD) algorithms have been employed to face the more and more subversive adversarial attacks. A malicious intrusion, defined as an invasive action intending to illegally exploit private resources, manifests through unusual data traffic and/or abnormal connectivity pattern. Despite the plethora of statistical or signaturebased detectors currently provided in the literature, the topological connectivity component of a malicious flow is less exploited. Furthermore, a great proportion of the existing statistical intrusion detectors are based on supervised learning, that relies on labeled data. By viewing network flows as weighted directed interactions between a pair of nodes, in this paper we present a simple method that facilitate the use of connectivity graph features in unsupervised anomaly detection algorithms. We test our methodology on real network traffic datasets and observe several improvements over standard AD.

show abstract

“…Xiao et al [9] proposed a graph embedding approach to perform anomaly detection on network flows. The authors first converted the network flows into a first-order and secondorder graph.…”

Section: B Gnn-based Nidssmentioning

confidence: 99%

E-GraphSAGE: A Graph Neural Network based Intrusion Detection System for IoT

Lo¹,

Layeghy²,

Sarhan³

et al. 2021

Preprint

View full text Add to dashboard Cite

This paper presents a new network intrusion detection system (NIDS) based on Graph Neural Networks (GNNs). GNNs are a relatively new sub-field of deep neural networks, which have the unique ability to leverage the inherent structure of graph-based data. Training and evaluation data for NIDSs are typically represented as flow records, which can naturally be represented in a graph format. This establishes the potential and motivation for exploring GNNs for the purpose of network intrusion detection, which is the focus of this paper. E-GraphSAGE, our proposed new approach is based on the established Graph-SAGE model, but provides the necessary modifications in order to support edge features for edge classification, and hence the classification of network flows into benign and attack classes. An extensive experimental evaluation based on six recent NIDS benchmark datasets shows the excellent performance of our E-GraphSAGE based NIDS in comparison with the state-of-the-art.

show abstract

Towards Network Anomaly Detection Using Graph Embedding

Cited by 32 publications

References 13 publications

Graph Neural Networks for Anomaly Detection in Industrial Internet of Things

Graph Neural Networks for Anomaly Detection in Industrial Internet of Things

Unsupervised Abnormal Traffic Detection through Topological Flow Analysis

E-GraphSAGE: A Graph Neural Network based Intrusion Detection System for IoT

Contact Info

Product

Resources

About