基于超图神经网络的恶意流量分类模型

doi:10.11959/j.issn.2096-109x.2023069

Abstract

Abstract:

As the use and reliance on networks continue to grow, the prevalence of malicious network traffic poses a significant challenge in the field of network security.Cyber attackers constantly seek new ways to infiltrate systems, steal data, and disrupt network services.To address this ongoing threat, it is crucial to develop more effective intrusion detection systems that can promptly detect and counteract malicious network traffic, thereby minimizing the resulting losses.However, current methods for classifying malicious traffic have limitations, particularly in terms of excessive reliance on data feature selection.To improve the accuracy of malicious traffic classification, a novel malicious traffic classification model based on Hypergraph Neural Networks (HGNN) was proposed.The traffic data was represented as hypergraph structures and HGNN was utilized to capture the spatial features of the traffic.By considering the interrelations among traffic data, HGNN provided a more accurate representation of the characteristics of malicious traffic.Additionally, to handle the temporal features of traffic data, Recurrent Neural Networks (RNN) was introduced to further enhance the model’s classification performance.The extracted spatiotemporal features were then used for the classification of malicious traffic, aiding in the detection of potential threats within the network.Through a series of ablative experiments, the effectiveness of the HGNN+RNN method was verified.These experiments demonstrate the model’s ability to efficiently extract spatiotemporal features from traffic, resulting in improved classification performance for malicious traffic.The model achieved outstanding classification accuracy across three widely-used open-source datasets: NSL-KDD (94% accuracy), UNSW-NB15 (95.6% accuracy), and CIC-IDS-2017 (99.08% accuracy).These results underscore the potential significance of the malicious traffic classification model based on hypergraph neural networks in enhancing network security and its capacity to better address the evolving landscape of network threats within the domain of network security.

Key words: malicious traffic, cyberattack, hypergraph neural network, recurrent neural network

CLC Number:

TP399

Wenbo ZHAO, Zitong MA, Zhe YANG. Model of the malicious traffic classification based on hypergraph neural network[J]. Chinese Journal of Network and Information Security, 2023, 9(5): 166-177.

Figures/Tables 15

HGNN层数	RNN层数	准确率	时间
0	0	88.90%	14s
0	1	94.85%	20s
0	2	97.45%	57s
0	3	96.60%	1m28s
1	0	96.35%	2m17s
1	1	$99 . 50 %$	$2 m 30 s$
1	2	99.45%	2m39s
1	3	99.45%	2m56s
2	0	98.90%	4m35s
2	1	99.25%	4m49s
2	2	99.30%	4m55s
2	3	99.35%	5m13s
3	0	98.95%	6m50s
3	1	99.05%	7m2s
3	2	99.10%	7m13s
3	3	99.35%	7m25s

模型	准确率	精确率	召回率	F1值
CART	87.03%	79.56%	96.04%	87.03%
SVM	89.02%	82.58%	96.04%	88.80%
KNN	83.33%	74.04%	$97 . 36 %$	84.11%
RNN-IDS^[16]	83.28%	—	—	—
DNN^[11]	92.54%	—	90.90%	—
本文	$94 . 00 %$	$94 . 12 %$	94.00%	$94 . 06 %$

模型	准确率	精确率	召回率	F1值
CART	92.00%	88.10%	92.50%	90.24%
SVM	88.50%	89.04%	81.25%	84.97%
KNN	91.00%	93.06%	83.75%	88.16%
SGC-LSTM ^[18]	91.67%	—	89.89%	—
ADS^[14]	92.40%	—	93.00%	—
本文	$95 . 60 %$	$95 . 68 %$	$95 . 46 %$	$95 . 56 %$

模型	准确率	精确率	召回率	F1值
CART	98.90%	98.96%	98.90%	98.85%
SVM	97.31%	97.24%	97.31%	97.27%
KNN	98.60%	98.53%	98.60%	98.54%
Hybrid IDS^[15]	96.67%	—	—	—
SMOTE-LSTM^[12]	98.90%	98.90%	98.90%	98.90%
本文	$99 . 08 %$	$99 . 09 %$	$99 . 08 %$	$99 . 08 %$

References 32

[1]	ROBERTS E . Bad bot report 2020:bad bots strike back[J]. Imperva Blog, 2020.
[2]	BHUYAN M H , BHATTACHARYYA D K , KALITA J K . Network anomaly detection:methods,systems and tools[J]. IEEE Communications Surveys ＆ Tutorials, 2013,16(1): 303-336.
[3]	WIDIPUTRA H D . Clustering based intrusion detection for network profiling using k-means ecm and k-nearest neighbor[J]. Konferensi Nasional Sistem Dan Informatika, 2009: 247-251.
[4]	ZANERO S , SAVARESI S M . Unsupervised learning techniques for an intrusion detection system[C]// Proceedings of the 2004 ACM Symposium on Applied Computing. 2004: 412-419.
[5]	ALI A , SALEH A , RAMDAN T . Multilayer perceptrons networks for an intelligent adaptive intrusion detection system[J]. International Journal of Computer Science and Network Security, 2010,10(2): 275.
[6]	KWON D , KIM H , KIM J ,et al. A survey of deep learning-based network anomaly detection[J]. Cluster Computing, 2019,22(1): 949-961.
[7]	STALLINGS W . Network security essentials:applications and standards[M]. USA: Pearson, 2017.
[8]	ZHANG F , WANG D . An effective feature selection approach for network intrusion detection[C]// 2013 IEEE Eighth International Conference on Networking,Architecture and Storage. 2013: 307-311.
[9]	VIJAYANAND R , DEVARAJ D , KANNAPIRAN B . Intrusion detection system for wireless mesh network using multiple support vector machine classifiers with genetic-algorithm-based feature selection[J]. Computers ＆ Security, 2018,77: 304-314.
[10]	LU X , LIU P , LIN J . Network traffic anomaly detection based on information gain and deep learning[C]// Proceedings of the 2019 3rd International Conference on Information System and Data Mining. 2019: 11-15.
[11]	TANG T A , MHAMDI L , MC-LERNON D , et al . Deep learning approach for network intrusion detection in software defined networking[C]// 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM). 2016: 258-263.
[12]	WANG J H , SEPTIAN T W . Combining oversampling with recurrent neural networks for intrusion detection[C]// International Conference on Database Systems for Advanced Applications. 2021: 305-320.
[13]	HUBBALLI N , SURYANARAYANAN V . False alarm minimization techniques in signature-based intrusion detection systems:a survey[J]. Computer Communications, 2014,49: 1-17.
[14]	MUNA A L H , MOUSTAFA N , SITNIKOVA E . Identification of malicious activities in industrial internet of things based on deep learning models[J]. Journal of Information Security and Applications, 2018,41: 1-11.
[15]	AHMIM A , MAGLARAS L , FERRAG M A ,et al. A novel hierarchical intrusion detection system based on decision tree and rules-based models[C]// 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS). 2019: 228-233.
[16]	YIN C , ZHU Y , FEI J ,et al. A deep learning approach for intrusion detection using recurrent neural networks[J]. IEEE Access, 2017,5: 21954-21961.
[17]	ZHANG J , LING Y , FU X ,et al. Model of the intrusion detection system based on the integration of spatial-temporal features[J]. Computers ＆ Security, 2020,89:101681.
[18]	LIU X , LIU J . Malicious traffic detection combined deep neural network with hierarchical attention mechanism[J]. Scientific Reports, 2021,11(1): 1-15.
[19]	ZHOU D , HUANG J , SCH?LKOPF B . Learning with hypergraphs:clustering,classification,and embedding[C]// Twentieth Annual Conference on Neural Information Processing Systems(NIPS 2006). 2007: 1601-1608.
[20]	KIPF T N , WELLING M . Semi-supervised classification with graph convolutional networks[J]. arXiv Preprint arXiv:1609.02907, 2016.
[21]	FENG Y , YOU H , ZHANG Z ,et al. Hypergraph neural networks[C]// Proceedings of the AAAI Conference on Artificial Intelligence. 2019: 3558-3565.
[22]	KARPATHY A . The unreasonable effectiveness of recurrent neural networks[J]. Andrej Karpathy Blog, 2015,21:23.
[23]	BERGE C . Hypergraphs:combinatorics of finite sets[M]. Elsevier, 1984.
[24]	GASTI P , TSUDIK G , UZUN E ,et al. DoS and DDoS in named data networking[C]// 2013 22nd International Conference on Computer Communication and Networks (ICCCN). 2013: 1-7.
[25]	ZAREMBA W , SUTSKEVER I , VINYALS O . Recurrent neural network regularization[J]. arXiv Preprint arXiv:1409.2329, 2014.
[26]	TAVALLAEE M , BAGHERI E , LU W ,et al. A detailed analysis of the KDD CUP 99 data set[C]// 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. 2009: 1-6.
[27]	MOUSTAFA N , SLAY J . UNSW-NB15:a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]// 2015 Military Communications and Information Systems Conference (MilCIS). 2015: 1-6.
[28]	MOUSTAFA N , SLAY J . The evaluation of network anomaly detection systems:statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set[J]. Information Security Journal:A Global Perspective, 2016,25(1-3): 18-31.
[29]	MOUSTAFA N , SLAY J , CREECH G . Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks[J]. IEEE Transactions on Big Data, 2017,5(4): 481-494.
[30]	MOUSTAFA N , CREECH G , SLAY J . Big data analytics for intrusion detection system:statistical decision-making using finite dirichlet mixture models[M]// Data Analytics and Decision Support for Cybersecurity. 2017: 127-156.
[31]	SARHAN M , LAYEGHY S , MOUSTAFA N ,et al. Netflow datasets for machine learning-based network intrusion detection systems[M]// Big Data Technologies and Applications. 2020: 117-135.
[32]	SHARAFALDIN I , LASHKARI A H , GHORBANI A A . Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]// ICISSP. 2018: 108-116.

Metrics

Recommended 0

No Suggested Reading articles found!

Model of the malicious traffic classification based on hypergraph neural network

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 32

Related Articles 3

Metrics

Recommended 0

[1]	Jian JIA,Linfeng LIU,Jiagao WU. Charging pile recommendation method for idle electric taxis based on recurrent neural network [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 152-163.
[2]	Mingfang ZHAI,Xingming ZHANG,Bo ZHAO. Survey of encrypted malicious traffic detection based on deep learning [J]. Chinese Journal of Network and Information Security, 2020, 6(3): 66-77.
[3]	Chen GAO,Fan ZHANG. Survey of FPGA based recurrent neural network accelerator [J]. Chinese Journal of Network and Information Security, 2019, 5(4): 1-13.