物联网入侵检测的随机特征图神经网络模型

doi:10.3778/j.issn.1002-8331.2312-0266

摘要/Abstract

摘要： 目前入侵检测主要依赖传统深度学习方法，但这种方法忽略了数据记录间的关联。图神经网络方法虽然考虑了数据记录间的相互关系，但忽略了图节点间的特征关系。提出了一种随机特征的图神经网络物联网入侵检测模型，以解决这些问题。构建了网络通信数据集的图结构。引入随机特征以丰富图节点的特征，从而提高图神经网络的表达能力。通过提取的流量相互关系来训练图神经网络，构建了一个精确检测攻击流量的入侵检测分类器。在ToN-IoT和NF-UNSW-NB15物联网数据集上进行了实验验证。实验结果表明，在二分类检测方面，与几种经典的机器学习和深度学习算法以及最新的图神经网络检测算法相比，提出的方法在准确率上最高提升了17.90和1.43个百分点。在多分类检测方面，在大多数攻击类别上的F1得分高于其他算法。此外，还通过实验确定了图神经网络的层数[K]和聚合器的最佳选择。

关键词: 图神经网络, 入侵检测, 随机特征, 物联网

Abstract: At present, intrusion detection mainly relies on traditional deep learning methods, but this method ignores the association between data records. Although the graph neural network method considers the relationship between the stream data records, it ignores the feature relationship between the graph nodes. Therefore, a random feature graph neural network iot intrusion detection model is proposed to solve these problems. The graph structure of network communication dataset is constructed. Random features are introduced to enrich the features of graph nodes, so as to improve the expression ability of graph neural network. An intrusion detection classifier is constructed to accurately detect attack traffic by training graph neural network with the extracted traffic interrelation. The experimental results show that compared with several classical machine learning and deep learning algorithms and the latest graph neural network detection algorithms, the accuracy of the proposed method can be improved by 17.90 and 1.43?percentage points. In terms of multi-classification detection, F1 scores are higher than other algorithms on most attack categories. In addition, the number of layers K of the graph neural network and the optimal selection of the aggregator are determined by experiments.

Key words: graph neural network, intrusion detection, random feature, Internet of things

罗国宇, 汪学舜, 戴锦友. 物联网入侵检测的随机特征图神经网络模型[J]. 计算机工程与应用, 2024, 60(21): 264-273.

LUO Guoyu, WANG Xueshun, DAI Jinyou. Random Feature Graph Neural Network for Intrusion Detection in Internet of Things[J]. Computer Engineering and Applications, 2024, 60(21): 264-273.

参考文献

[1] ATZORI L, IERA A, MORABITO G. Understanding the Internet of things: definition, potentials, and societal role of a fast evolving paradigm[J]. Ad Hoc Networks, 2017, 56: 122-140.
[2] ELRAWY M F, AWAD A I, HAMED H F A. Intrusion detection systems for IoT-based smart environments: a survey[J]. Journal of Cloud Computing, 2018, 7(1): 1-20.
[3] DA XU L, HE W, LI S. Internet of things in industries: a survey[J]. IEEE Transactions on Industrial Informatics, 2014, 10(4): 2233-2243.
[4] POOJA T S, SHRINIVASACHARYA P. Evaluating neural networks using bi-directional LSTM for network IDS (intrusion detection systems) in cyber security[J]. Global Transitions Proceedings, 2021, 2(2): 448-454.
[5] KIM J Y, KIM J W, KIM H, et al. CNN-based network intrusion detection against denial-of-service attacks[J]. Electronics, 2020, 9(6): 916.
[6] SOHI S M, SEIFERT J P, GANJI F. RNNIDS: enhancing network intrusion detection systems through deep learning[J]. Computers & Security, 2021, 102: 102151.
[7] LEI M, LI X, CAI B, et al. P-DNN: an effective intrusion detection method based on pruning deep neural network[C]//Proceedings of the 2020 International Joint Conference on Neural Networks (IJCNN), 2020: 1-9.
[8] OTOUM Y, NAYAK A. AS-IDS: anomaly and signature based ids for the internet of things[J]. Journal of Network and Systems Management, 2021, 29(3): 23.
[9] KARANFILOVSKA M, KOCHOVSKA T, TODOROV Z, et al. Analysis and modelling of a ML-based NIDS for IoT networks[J]. Procedia Computer Science, 2022, 204: 187-195.
[10] CHURCHER A, ULLAH R, AHMAD J, et al. An experimental analysis of attack classification using machine learning in IoT networks[J]. Sensors, 2021, 21(2): 446.
[11] MOHY-EDDINE M, GUEZZAZ A, BENKIRANE S, et al. An intrusion detection model using election-based feature selection and K-NN[J]. Microprocessors and Microsystems, 2023: 104966.
[12] WANG C, SUN Y, LV S, et al. Intrusion detection system based on one-class support vector machine and Gaussian mixture model[J]. Electronics, 2023, 12(4): 930.
[13] CHAWLA A, LEE B, FALLON S, et al. Host based intrusion detection system with combined CNN/RNN model[C]//Proceedings of the Joint European Conference on Machine Learning and Knowledge Discovery in Databases, Dublin, Ireland, September 10-14, 2018. Cham: Springer International Publishing, 2019: 149-158.
[14] CHEN L, KUANG X, XU A, et al. A novel network intrusion detection system based on CNN[C]//Proceedings of the 2020 Eighth International Conference on Advanced Cloud and Big Data (CBD), 2020: 243-247.
[15] BOUKHALFA A, ABDELLAOUI A, HMINA N, et al. LSTM deep learning method for network intrusion detection system[J]. International Journal of Electrical and Computer Engineering, 2020, 10(3): 3315.
[16] HE H T, SUN X B, HE H D, et al. A novel multimodal-sequential approach based on multi-view features for network intrusion detection[J]. IEEE Access, 2019, 7: 183207-183221.
[17] SUN P, LIU P, LI Q, et al. DL-IDS: extracting features using CNN-LSTM hybrid network for intrusion detection system[J]. Security and Communication Networks, 2020: 1-11.
[18] XIAO Q, LIU J, WANG Q, et al. Towards network anomaly detection using graph embedding[C]//Proceedings of the 20th International Conference on Computational Science (ICCS 2020), Amsterdam, The Netherlands, June 3-5, 2020.Cham: Springer International Publishing, 2020: 156-169.
[19] LO W W, LAYEGHY S, SARHAN M, et al. E-GraphSAGE: a graph neural network based intrusion detection system for IoT[C]// Proceedings of the 2022 IEEE/IFIP Network Operations and Management Symposium (NOMS 2022), 2022: 1-9.
[20] HAMILTON W, YING Z, LESKOVEC J. Inductive representation learning on large graphs[C]//Advances in Neural Information Processing Systems, 2017.
[21] CUI H, LU Z, LI P, et al. On positional and structural node features for graph neural networks on non-attributed graphs[C]//Proceedings of the 31st ACM International Conference on Information & Knowledge Management, 2022: 3898-3902.
[22] SATO R, YAMADA M, KASHIMA H. Random features strengthen graph neural networks[C]//Proceedings of the 2021 SIAM International Conference on Data Mining (SDM), 2021: 333-341.
[23] MOUSTAFA N. A new distributed architecture for evaluating AI-based security systems at the edge: network TON_IoT datasets[J]. Sustainable Cities and Society, 2021, 72: 102994.
[24] MOUSTAFA N, SLAY J. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]//Proceedings of the 2015 Military Communications and Information Systems Conference (MilCIS), 2015: 1-6.
[25] SARHAN M, LAYEGHY S, PORTMANN M. Towards a standard feature set for network intrusion detection system datasets[J]. Mobile Networks and Applications, 2022, 27: 357-370.