|
| Abstract: |
| As network attack techniques continue to develop, traditional anomaly traffic detection methods that rely on feature engineering are increasingly insufficient in efficiency and accuracy. Graph Neural Networks (GNNs), a promising Deep Learning (DL) approach, have proven highly effective at identifying intricate patterns in graph-structured data and are already widely applied in network security. In this paper, we propose a hybrid Graph Convolutional Network (GCN)-GraphSAGE model for Anomaly Traffic Detection, namely HGS-ATD, which aims to improve the accuracy of anomaly traffic detection by leveraging edge feature learning to better capture the relationships between network entities. We validate the HGS-ATD model on four publicly available datasets, including NF-UNSW-NB15-v2. The experimental results show that, compared with the baseline model, the enhanced hybrid model achieves accuracy that is 5.71% to 10.25% higher and an F1-score that is 5.53% to 11.63% higher, proving that the model can effectively distinguish normal traffic from attack traffic and accurately classify various types of attacks. |
| Key words: anomaly traffic detection; graph neural network; deep learning; graph convolutional network |
| DOI: 10.11916/j.issn.1005-9113.2025008 |
| CLC Number: TP393 |
| Fund: |
|
| Title: HGS-ATD: A Hybrid Graph Convolutional Network-GraphSAGE Model for Anomaly Traffic Detection |
| Authors: Cui Zhian, Li Hailong, Shen Xieyang |
| Affiliation: College of Operational Support, Rocket Force University of Engineering, Xi'an 710025 |