Graph-NIDS: Detecting Network Intrusions via HGT-Based Edge Classification on Network Traffic Graphs
摘要
The emergence of sophisticated cyber threats calls for the evolution of sophisticated Network Intrusion Detection Systems (NIDS). Even though graph-based approaches have been promising, they have mostly concerned with node classification to determine the bad actors. This paper provides a new framework that recontextualizes the NIDS challenge as a marginal concern classification problem on a heterogeneous graph. We assume that classifying the boundaries (relations) between network objects as harmful or benign offers a more timely and efficient means of intrusion detection. In order to achieve this, we build a heterogeneous graph from network flow data and employ a Heterogeneous Graph Transformer (HGT) model, which is designed to maintain the integrity of instructional and semantic detail formation present in such graphs. The model is trained and tested on a large dataset from the UNSW-NB15 dataset. Our experiments show that the edge classification method greatly outperforms a conventional node classification baseline, achieving superior accuracy, precision, and recall. These results illustrate the potential of edge-centric GNN models for constructing more efficient and complete network intrusion detection systems.