[4Xin1-47] New Graph Composition Method based on Sets of Flow Data and its Application to Anomaly Traffic Detection with Graph Neural Networks
Keywords: Anomaly traffic detection, Graph neural network, IoT
In recent years, with the spread of IoT devices, households have begun to use multiple IoT devices connected to their home networks. As the number of IoT devices increases, countermeasures against cyber-attacks on IoT devices have become an important issue. Various methods, including deep learning, have been proposed for detecting anomalous communications caused by a malware infection, such as DoS attacks and scanning attacks. Recently, anomaly detection methods based on Graph Neural Networks (GNNs) have attracted attention. Previous research using GNNs has mainly used a graph in which communicating hosts are nodes and communications between hosts are edges. This approach can detect anomalous traffic such as DoS attacks, but it has difficulty detecting anomalous traffic such as C2 communications, which is hard to distinguish from benign traffic. To detect such malware traffic, we propose a new graph construction method that can represent functional units' communication order and cohesion from continuous flow data. We combined our method with a GNN-based anomaly detection model and conducted evaluation experiments on anomaly detection using the KDDI-IoT-2019 dataset. Our method improved the detection accuracy compared to conventional methods.