基于GATv2的网络入侵异常检测方法

Network Intrusion Anomaly Detection with GATv2

【目的】随着网络环境日益复杂化,其所遭受的威胁也愈发严重。入侵检测作为网络安全主动防御的重要手段之一,需要提供更健壮、更有效的检测方法来应对这些挑战。【方法】图神经网络在异常检测方面表现优异。本文基于GATv2(一种改进的图神经网络方法)来构建网络入侵检测的图神经网络方法E-ResGATv2。具体来说,首先将网络流量数据构建成网络流量图,然后通过图形转换来将流量图转换成适合图神经网络处理的图形,以此检测入侵异常流量,并将残差学习集成到图神经网络聚合信息的过程中。【结果】在两个公开入侵检测数据集上的实验结果表明,E-ResGATv2方法的检测效果要好于原始图神经方法,并且具有更强的抗噪能力。【结论】在与机器学习方法取得相似检测效果的情况下,图神经网络方法表现出更强的抗干扰能力,这在复杂多变的网络环境中具有实际意义。

[Objective]As the network environment becomes increasingly complex,the threats it faces are also becoming increasingly serious.As one of the important means of Active Defense for network security,intrusion detection needs to provide more robust and effective detection methods to meet these challenges.[Methods]The graph neural network performs excellently in anomaly detection.This article is based on GATv2(an improved graph neural network method)to construct the graph neural network method E-ResGATv2 for network intrusion detection.Specifically,we first construct network traffic data into a network traffic graph and then convert the graph into a graph suitable for graph neural network processing through graph transformation to detect intrusion anomaly traffic.We integrate residual learning into the process of graph neural network aggregation information.[Results]The experimental results on two publicly available intrusion detection datasets show that the E-ResGATv2 method has better detection performance than the original graph neural network method and stronger noise resistance.[Conclusions]When achieving similar detection results with machine learning methods,graph neural network methods exhibit stronger anti-interference ability,which is more practical in complex and ever-changing network environments.