Unveiling the potential of Graph Neural Networks for robust Intrusion Detection
arXiv - CS - Cryptography and Security Pub Date : 2021-07-30 , DOI: arxiv-2107.14756
David Pujol-Perich, José Suárez-Varela, Albert Cabellos-Aparicio, Pere Barlet-Ros

The last few years have seen an increasing wave of attacks with serious economic and privacy damages, which evinces the need for accurate Network Intrusion Detection Systems (NIDS). Recent works propose the use of Machine Learning (ML) techniques for building such systems (e.g., decision trees, neural networks). However, existing ML-based NIDS are barely robust to common adversarial attacks, which limits their applicability to real networks. A fundamental problem of these solutions is that they treat and classify flows independently. In contrast, in this paper we argue for the importance of focusing on the structural patterns of attacks, by capturing not only the individual flow features, but also the relations between different flows (e.g., the source/destination hosts they share). To this end, we use a graph representation that keeps flow records and their relationships, and propose a novel Graph Neural Network (GNN) model tailored to process and learn from such graph-structured information. In our evaluation, we first show that the proposed GNN model achieves state-of-the-art results in the well-known CIC-IDS2017 dataset. Moreover, we assess the robustness of our solution under two common adversarial attacks that intentionally modify the packet size and inter-arrival times to avoid detection. The results show that our model is able to maintain the same level of accuracy as in previous experiments, while state-of-the-art ML techniques degrade their accuracy (F1-score) by up to 50% under these attacks. This unprecedented level of robustness is mainly induced by the capability of our GNN model to learn flow patterns of attacks structured as graphs.
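A simplified illustration of the abstract's argument, added here and not the paper's GNN model or code: flows are linked through the hosts they share, and features aggregated over those links stay the same when packet size and inter-arrival time are changed. The flow records, addresses and the three hand-written aggregate features are constructed assumptions standing in for what a trained model would learn.

```python
from collections import defaultdict

# Constructed flow records (not taken from CIC-IDS2017):
# (source host, destination host, destination port, mean packet size, mean inter-arrival time in ms)
FLOWS = [
    ("10.0.0.5", "10.0.0.20", 443, 820.0, 12.0),  # ordinary client traffic
    ("10.0.0.6", "10.0.0.20", 443, 790.0, 15.0),
    ("10.0.0.9", "10.0.0.30", 21, 60.0, 1.0),     # one source probing many ports
    ("10.0.0.9", "10.0.0.30", 22, 60.0, 1.0),
    ("10.0.0.9", "10.0.0.30", 23, 60.0, 1.0),
    ("10.0.0.9", "10.0.0.30", 25, 60.0, 1.0),
]

def build_graph(flows):
    """Map each host node (tagged by role) to the set of flow nodes attached to it."""
    host_to_flows = defaultdict(set)
    for i, (src, dst, *_rest) in enumerate(flows):
        host_to_flows[("src", src)].add(i)
        host_to_flows[("dst", dst)].add(i)
    return host_to_flows

def structural_features(flows):
    """One hand-written round of flow -> host -> flow aggregation.

    Per flow: (flows sharing its source, flows sharing its destination,
    distinct destination ports among flows sharing both endpoints).
    """
    graph = build_graph(flows)
    feats = []
    for src, dst, *_rest in flows:
        same_src = graph[("src", src)]
        same_dst = graph[("dst", dst)]
        ports = {flows[j][2] for j in same_src & same_dst}
        feats.append((len(same_src), len(same_dst), len(ports)))
    return feats

def per_flow_features(flows):
    """What a classifier that treats flows independently would see."""
    return [(size, iat) for *_, size, iat in flows]

def perturb(flows, size_pad, iat_scale):
    """Modify packet size and inter-arrival time only; endpoints are untouched."""
    return [(s, d, p, size + size_pad, iat * iat_scale) for s, d, p, size, iat in flows]

if __name__ == "__main__":
    changed = perturb(FLOWS, size_pad=700.0, iat_scale=10.0)
    print("per-flow features changed:", per_flow_features(FLOWS) != per_flow_features(changed))
    print("structural features unchanged:", structural_features(FLOWS) == structural_features(changed))
```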

Updated: 2021-08-02