
Towards Network Anomaly Detection Using Graph Embedding


Bibliographic Details
Main authors: Xiao, Qingsai, Liu, Jian, Wang, Quiyun, Jiang, Zhengwei, Wang, Xuren, Yao, Yepeng
Format: Online Article Text
Language: English
Published: 2020
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7303711/
http://dx.doi.org/10.1007/978-3-030-50423-6_12
Description
Summary: In the face of endless cyberattacks, many researchers have proposed machine learning-based network anomaly detection technologies. Traditional statistical features of network flows are manually extracted and rely heavily on expert knowledge, while classifiers based on statistical features have a high false-positive rate. The communications between different hosts form graphs, which contain a large number of latent features. By combining statistical features with these latent features, we can train better machine learning classifiers. Therefore, we propose a novel network anomaly detection method that can use latent features in graphs and reduce the false-positive rate of anomaly detection. We convert network traffic into first-order and second-order graphs. The first-order graph learns the latent features from the perspective of a single host, and the second-order graph learns the latent features from a global perspective. This feature extraction process does not require manual participation or expert knowledge. We use these features to train machine learning classifiers for detecting network anomalies. We conducted experiments on two real-world datasets, and the results show that our approach allows for better learning of latent features and improved accuracy of anomaly detection. In addition, our method has the ability to detect unknown attacks.
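The abstract contrasts per-flow statistical features with latent features of the host-communication graph, seen once from a single host's perspective and once globally. The following is an added example, not code from the paper or its authors: it builds a directed host graph from constructed flow records and derives two kinds of hand-computed stand-ins for those latent features (per-host degree, distinct destination ports and reciprocity as the local view; power-iteration PageRank as the global view), then attaches them to each flow next to its byte count and duration. The flows, host addresses, port numbers, the `host_fanout_scores` scoring rule and the choice of PageRank as a global feature are all assumptions made for illustration; the paper learns its graph features with embeddings rather than computing them by hand.

```python
"""Constructed example: host-graph features alongside per-flow statistics.

Illustrative only. The flow records, addresses and ports are constructed,
and the hand-computed graph features are a stand-in for the learned
first-order (per-host) and second-order (global) features in the abstract.
"""
from collections import defaultdict

# Constructed flow records: (src, dst, dst_port, bytes, duration_s)
FLOWS = []
CLIENTS = ("10.0.0.1", "10.0.0.2", "10.0.0.3")
for client in CLIENTS:
    # Benign HTTPS session with a reply from the server.
    FLOWS.append((client, "10.0.0.10", 443, 12000, 2.5))
    FLOWS.append(("10.0.0.10", client, 51000, 40000, 2.5))
    # Benign DNS lookup: tiny and short, much like a probe packet.
    FLOWS.append((client, "10.0.0.11", 53, 64, 0.01))
    FLOWS.append(("10.0.0.11", client, 51000, 180, 0.01))
# A scanner (assumed address) probing four ports on fifteen hosts.
SCANNER = "10.0.0.99"
TARGETS = list(CLIENTS) + ["10.0.0.10", "10.0.0.11"] + [f"10.0.0.{i}" for i in range(20, 30)]
for target in TARGETS:
    for port in (22, 80, 443, 3389):
        FLOWS.append((SCANNER, target, port, 60, 0.01))


def build_graph(flows):
    """Directed host graph: who talks to whom, and on which destination ports."""
    out_nbrs, in_nbrs, ports = defaultdict(set), defaultdict(set), defaultdict(set)
    for src, dst, dport, _, _ in flows:
        out_nbrs[src].add(dst)
        in_nbrs[dst].add(src)
        ports[src].add(dport)
    hosts = set(out_nbrs) | set(in_nbrs)
    return hosts, out_nbrs, in_nbrs, ports


def first_order_features(host, out_nbrs, in_nbrs, ports):
    """Local view of one host: fan-out, fan-in, port spread, and whether peers reply."""
    outs = out_nbrs.get(host, set())
    ins = in_nbrs.get(host, set())
    reciprocity = len(outs & ins) / len(outs) if outs else 0.0
    return {"out_degree": len(outs), "in_degree": len(ins),
            "distinct_dports": len(ports.get(host, set())),
            "reciprocity": reciprocity}


def pagerank(hosts, out_nbrs, in_nbrs, damping=0.85, iters=50):
    """Global view: PageRank by power iteration, with dangling mass spread evenly."""
    n = len(hosts)
    pr = {h: 1.0 / n for h in hosts}
    for _ in range(iters):
        dangling = sum(pr[h] for h in hosts if not out_nbrs.get(h))
        new = {}
        for h in hosts:
            inbound = sum(pr[s] / len(out_nbrs[s]) for s in in_nbrs.get(h, ()))
            new[h] = (1 - damping) / n + damping * (inbound + dangling / n)
        pr = new
    return pr


def flow_feature_vectors(flows):
    """Per-flow rows: statistical features plus the source host's graph features."""
    hosts, out_nbrs, in_nbrs, ports = build_graph(flows)
    pr = pagerank(hosts, out_nbrs, in_nbrs)
    rows = []
    for src, dst, dport, nbytes, dur in flows:
        f = first_order_features(src, out_nbrs, in_nbrs, ports)
        rows.append({"src": src, "dst": dst, "dport": dport,
                     "bytes": nbytes, "duration": dur,
                     "src_out_degree": f["out_degree"],
                     "src_in_degree": f["in_degree"],
                     "src_distinct_dports": f["distinct_dports"],
                     "src_reciprocity": f["reciprocity"],
                     "src_pagerank": pr[src]})
    return rows


def host_fanout_scores(flows):
    """Assumed scoring rule: unreciprocated fan-out, highest first."""
    hosts, out_nbrs, in_nbrs, ports = build_graph(flows)
    scores = {}
    for h in hosts:
        f = first_order_features(h, out_nbrs, in_nbrs, ports)
        scores[h] = f["out_degree"] * (1 - f["reciprocity"])
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for host, score in host_fanout_scores(FLOWS)[:3]:
        print(host, score)
```

On these constructed flows a scanner probe (60 bytes, 0.01 s) and a benign DNS query (64 bytes, 0.01 s) are nearly identical in the statistical columns, which is the kind of overlap that drives false positives for a flow-statistics classifier. The graph columns separate them: the scanner's source host has an out-degree of 15 across 4 destination ports with no replies (reciprocity 0) and, because nothing sends to it, a lower PageRank than any client, while each client reaches 2 hosts that both answer (reciprocity 1).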