作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2024, Vol. 50 ›› Issue (11): 236-245. doi: 10.19678/j.issn.1000-3428.0068390

• 网络空间安全 • 上一篇    下一篇

基于图边缘特征注意力的入侵检测模型

沈学利, 刘士枫*()   

  1. 辽宁工程技术大学软件学院, 辽宁 葫芦岛 125105
  • 收稿日期:2023-09-17 出版日期:2024-11-15 发布日期:2024-04-01
  • 通讯作者: 刘士枫
  • 基金资助:
    国家自然科学基金(62173171)

Intrusion Detection Model Based on Graph Edge Feature Attention

SHEN Xueli, LIU Shifeng*()   

  1. School of Software, Liaoning Technical University, Huludao 125105, Liaoning, China
  • Received:2023-09-17 Online:2024-11-15 Published:2024-04-01
  • Contact: LIU Shifeng

摘要:

入侵检测是一种网络安全技术, 旨在检测和防止未经授权的访问或攻击。现有入侵检测模型对于分布均匀的网络数据具备良好的检测性能, 但是网络中相关数据往往是不平衡的, 现有模型对少数类攻击数据的检测率低。针对上述问题, 提出一种基于图边缘特征注意力的入侵检测模型。首先, 挖掘数据内部隐藏的图结构关系, 并将数据进行归一化处理, 对样本数据的原始特征进行更新, 将数据转换成图结构; 其次, 使用图池化操作对图节点进行下采样, 降低计算复杂度, 利用图边缘特征注意力对采样后的图进行边缘特征加权聚合, 提高模型的表征能力, 将聚合后的边缘特征与节点特征拼接, 生成节点嵌入, 拼接源节点与目标节点嵌入形成边缘嵌入; 最后, 将边缘嵌入输入分类器转换成类别概率进行分类。在数据集UNSW-NB15和NSL_KDD上的对比实验结果表明, 该模型能够有效检测出少数类攻击数据, 相比现有模型提升了对不平衡数据的检测精度, 多分类检测准确率分别达到0.992 9和0.976 6。

关键词: 入侵检测, 不平衡数据, 图神经网络, 图边缘特征注意力, 边缘分类

Abstract:

Intrusion detection is a cybersecurity technique designed to detect and prevent unauthorized access or attacks. Existing intrusion detection models demonstrate good detection performance for evenly distributed network data. However, network-related data are often imbalanced. Current models exhibit low detection rates for minority class attack data. To address these issues, this study proposes a novel intrusion detection model based on graph edge feature attention. The study first explores hidden graph structural relationships in the data and then normalizes the data to transform them into a graph structure. The study then employs graph pooling operations to downsample the graph nodes, thereby reducing computational complexity. Graph edge feature attention is then applied to aggregate the weighted edge features of the sampled graph, thus enhancing the representation capabilities of the model. Next, the study concatenates the aggregated edge features with the node features to generate node embeddings. The study then further concatenates embeddings of the source and target nodes to form edge embeddings. Finally, the edge embeddings are input into a classifier to convert them into category probabilities for classification purposes. The study conducts comparative experiments on the UNSW-NB15 and NSL_KDD datasets to demonstrate that the proposed model effectively detects minority class attack data. Compared with existing models, the proposed model improves the detection accuracy for imbalanced data, achieving classification accuracy rates of 0.992 9 and 0.976 6 in multiclass detection on the two datasets, respectively.

Key words: intrusion detection, imbalanced data, Graph Neural Network(GNN), graph edge feature attention, edge classification