Title: Edge-featured multi-hop attention graph neural network for intrusion detection system
Authors: Ping Deng, Yong Huang
Journal: Computers & Security, volume 148, Article 104132 (JCR Q1, Computer Science, Information Systems; impact factor 4.8)
Publication date: 2024-09-26
Publication type: Journal Article
DOI: 10.1016/j.cose.2024.104132
URL: https://www.sciencedirect.com/science/article/pii/S0167404824004371
Open access: no
Citations: 0
Abstract
With the development of the Internet, the application of computer technology has rapidly become widespread, driving the progress of Internet of Things (IoT) technology. The attacks present on networks have become more complex and stealthy. However, traditional network intrusion detection systems with singular functions are no longer sufficient to meet current demands. While some machine learning-based network intrusion detection systems have emerged, traditional machine learning methods cannot effectively respond to the complex and dynamic nature of network attacks. Intrusion detection systems utilizing deep learning can better enhance detection capabilities through diverse data learning and training. To capture the topological relationships in network data, using graph neural networks (GNNs) is most suitable. Most existing GNNs for intrusion detection use multi-layer network training, which may lead to over-smoothing issues. Additionally, current intrusion detection solutions often lack efficiency. To mitigate the issues mentioned above, this paper proposes an Edge-featured Multi-hop Attention Graph Neural Network for Intrusion Detection System (EMA-IDS), aiming to improve detection performance by capturing more features from data flows. Our method enhances computational efficiency through attention propagation and integrates node and edge features, fully leveraging data characteristics. We carried out experiments on four public datasets, which are NF-CSE-CIC-IDS2018-v2, NF-UNSW-NB15-v2, NF-BoT-IoT, and NF-ToN-IoT. Compared with existing models, our method demonstrated superior performance.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors: industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.