NETWORK INTRUSION DETECTION SYSTEM USING AUTO-ENCODER AND GRAPH NEURAL NETWORK

Abstract

A Network Intrusion Detection System (NIDS) is very important for keeping information safe by helping system administrators spot and identify harmful activities in networks. Numerous methods have been developed to detect anomalies reliably, but finding network anomalies accurately is still tough. To tackle problem, we suggest using a autoencoder (AE) with a Dropout model and Graph Neural Networks (GNNs) for detecting network anomalies. This method helps in extracting key features, which boosts detection accuracy. We train and test our method using the well-known NF-CSE-CIC-IDS2018, UNR-IDD, NSL-KDD, and NF-Bot-IoT datasets. Graph Neural Networks have become very popular for Network Intrusion Detection Systems (NIDS) because they are good at representing network traffic flows. Current self-learning methods using Graph Neural Networks can only classify network traffic as normal or abnormal, but cannot pinpoint the exact type of cyber attack. First, we create a component that converts graph data into learned representations, using an attention technique that focuses on the important connections between nodes. Then, we introduce a new self-learning method that trains the system by comparing and contrasting different graph examples. This approach selects central nodes, and creates subgraphs containing those nodes along with their directly connected neighbors. It also generates comparable contrasting subgraphs by modifying and interpolating the original graph data. Positive and negative samples are then constructed from these subgraphs. We also developed a new way to calculate the learning error that considers both the characteristics of the network connections as well as the local structure of the graph data. We tested our approach by measuring its performance using metrics like accuracy, recall, precision, F-score, and detection rate across different types of cyber attacks.