Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
139 tokens/sec
GPT-4o
47 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Detecting Contextual Network Anomalies with Graph Neural Networks (2312.06342v1)

Published 11 Dec 2023 in cs.LG, cs.AI, and cs.NI

Abstract: Detecting anomalies on network traffic is a complex task due to the massive amount of traffic flows in today's networks, as well as the highly-dynamic nature of traffic over time. In this paper, we propose the use of Graph Neural Networks (GNN) for network traffic anomaly detection. We formulate the problem as contextual anomaly detection on network traffic measurements, and propose a custom GNN-based solution that detects traffic anomalies on origin-destination flows. In our evaluation, we use real-world data from Abilene (6 months), and make a comparison with other widely used methods for the same task (PCA, EWMA, RNN). The results show that the anomalies detected by our solution are quite complementary to those captured by the baselines (with a max. of 36.33% overlapping anomalies for PCA). Moreover, we manually inspect the anomalies detected by our method, and find that a large portion of them can be visually validated by a network expert (64% with high confidence, 18% with mid confidence, 18% normal traffic). Lastly, we analyze the characteristics of the anomalies through two paradigmatic cases that are quite representative of the bulk of anomalies.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (23)
  1. A survey of network anomaly detection techniques. Journal of Network and Computer Applications 60 (2016), 19–31.
  2. Relational inductive biases, deep learning, and graph networks. arXiv preprint arXiv:1806.01261 (2018).
  3. Learning long-term dependencies with gradient descent is difficult. IEEE transactions on neural networks 5, 2 (1994), 157–166.
  4. Network anomaly detection: methods, systems and tools. IEEE communications surveys & tutorials 16, 1 (2013), 303–336.
  5. Ailin Deng and Bryan Hooi. 2021. Graph neural network-based anomaly detection in multivariate time series. In Proceedings of the AAAI conference on artificial intelligence, Vol. 35. 4027–4035.
  6. Detecting network performance anomalies with contextual anomaly detection. In IEEE International Workshop on Measurement and Networking (M&N). 1–6.
  7. Anomaly detection in cyber physical systems using recurrent neural networks. In IEEE 18th International Symposium on High Assurance Systems Engineering (HASE). 140–145.
  8. DC-VAE, Fine-grained Anomaly Detection in Multivariate Time-Series with Dilated Convolutions and Variational Auto Encoders. In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). 287–293.
  9. Michael A Hayes and Miriam AM Capretz. 2014. Contextual anomaly detection in big sensor data. In IEEE International Congress on Big Data. 64–71.
  10. Graph convolutional networks for traffic anomaly. arXiv preprint arXiv:2012.13637 (2020).
  11. Diagnosing network-wide traffic anomalies. ACM SIGCOMM computer communication review 34, 4 (2004), 219–230.
  12. GraphDDoS: Effective DDoS Attack Detection Using Graph Neural Networks. In 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD). IEEE, 1275–1280.
  13. Unveiling the potential of graph neural networks for robust intrusion detection. ACM SIGMETRICS Performance Evaluation Review 49, 4 (2022), 111–117.
  14. Sensitivity of PCA for traffic anomaly detection. In ACM SIGMETRICS. 109–120.
  15. Unveiling the potential of graph neural networks for network modeling and optimization in SDN. In Proceedings of the 2019 ACM Symposium on SDN Research. 140–151.
  16. Graph neural networks for scalable radio resource management: Architecture design and theoretical analysis. IEEE Journal on Selected Areas in Communications 39, 1 (2020), 101–115.
  17. Graph neural networks for communication networks: Context, use cases and opportunities. IEEE network (2022).
  18. Adaptive EWMA Method based on abnormal network traffic for LDoS attacks. Mathematical Problems in Engineering 2014 (2014).
  19. Tranad: Deep transformer networks for anomaly detection in multivariate time series data. arXiv preprint arXiv:2201.07284 (2022).
  20. Graph attention networks. arXiv preprint arXiv:1710.10903 (2017).
  21. Anomaly transformer: Time series anomaly detection with association discrepancy. arXiv preprint arXiv:2110.02642 (2021).
  22. Network anomography. In Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement. 30–30.
  23. Graph neural networks: A review of methods and applications. AI open 1 (2020), 57–81.
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now