E-GraphSAGE: A Graph Neural Network based Intrusion Detection System

by Wai Weng Lo, et al.

This paper presents a new network intrusion detection system (NIDS) based on Graph Neural Networks (GNNs). GNNs are a relatively new sub-field of deep neural networks, which have the unique ability to leverage the inherent structure of graph-based data. Training and evaluation data for NIDSs are typically represented as flow records, which can naturally be represented in a graph format. This establishes the potential and motivation for exploring GNNs for the purpose of network intrusion detection, which is the focus of this paper. E-GraphSAGE, our proposed new approach, is based on the established GraphSAGE model, but provides the necessary modifications in order to support edge features for edge classification, and hence the classification of network flows into benign and attack classes. An extensive experimental evaluation based on six recent NIDS benchmark datasets shows the excellent performance of our E-GraphSAGE based NIDS in comparison with the state-of-the-art.




Anomal-E: A Self-Supervised Network Intrusion Detection System based on Graph Neural Networks

This paper investigates Graph Neural Networks (GNNs) application for sel...

Graph-based Solutions with Residuals for Intrusion Detection: the Modified E-GraphSAGE and E-ResGAT Algorithms

The high volume of increasingly sophisticated cyber threats is drawing g...

Exploring Edge TPU for Network Intrusion Detection in IoT

This paper explores Google's Edge TPU for implementing a practical netwo...

Intrusion-Free Graph Mixup

We present a simple and yet effective interpolation-based regularization...

Unveiling the potential of Graph Neural Networks for robust Intrusion Detection

The last few years have seen an increasing wave of attacks with serious ...

Graph Neural Network-based Android Malware Classification with Jumping Knowledge

This paper presents a new Android malware detection method based on Grap...

"Flow Size Difference" Can Make a Difference: Detecting Malicious TCP Network Flows Based on Benford's Law

Statistical characteristics of network traffic have attracted a signific...