Network Intrusion Detection System Based on Socket Address Structure Information
In the past few years, the growing number of network attacks has seriously threatened the social economy and privacy security, which calls for an accurate network intrusion detection system. The existing mainstream network intrusion detection systems based on machine learning usually process each network flow independently. With the rise of graph neural networks, many recent studies have begun to use them to capture the relationships between flows. However, they do not capture the socket address structure of the traffic, that is, the structural information between a host IP address and its port numbers. This structural information is very important for detecting network attacks that rely on the host IP address and port as the entry point. Therefore, a network intrusion detection system that incorporates socket address structure information is proposed. The system improves the structural relationship between flows through a new graph representation method that preserves the structural information between an IP address and its port numbers, and it proposes a new message passing mechanism adapted to this graph representation. The experimental results show that the proposed graph convolutional network model achieves better performance on the well-known CIC-IDS2017 and CSE-CIC-IDS2018 datasets.
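The difference between treating each `ip:port` endpoint as an opaque node and keeping the host-to-port structure can be seen on a few flows. This is an added example, not the paper's code: the abstract does not specify its graph construction, so the node and edge layout (`host` and `sock` nodes, ownership and flow edges), the function names and the sample flows are all assumptions.

```python
from collections import defaultdict

# Constructed sample flows: (src_ip, src_port, dst_ip, dst_port)
FLOWS = [
    ("10.0.0.5", 40001, "10.0.0.9", 22),
    ("10.0.0.5", 40002, "10.0.0.9", 80),
    ("10.0.0.5", 40003, "10.0.0.9", 443),
    ("10.0.0.7", 51000, "10.0.0.9", 443),
]

def flat_graph(flows):
    """Baseline: every ip:port endpoint is an opaque node, flows are edges."""
    adj = defaultdict(set)
    for sip, sport, dip, dport in flows:
        a, b = f"{sip}:{sport}", f"{dip}:{dport}"
        adj[a].add(b)
        adj[b].add(a)
    return adj

def socket_graph(flows):
    """Assumed layout: host node owns its socket nodes; flows join sockets."""
    adj = defaultdict(set)
    for sip, sport, dip, dport in flows:
        src, dst = ("sock", sip, sport), ("sock", dip, dport)
        for sock in (src, dst):
            host = ("host", sock[1])
            adj[host].add(sock)   # ownership edge: IP <-> its port
            adj[sock].add(host)
        adj[src].add(dst)         # flow edge: socket <-> socket
        adj[dst].add(src)
    return adj

def components(adj):
    """Number of connected components (how far a message can propagate)."""
    seen, count = set(), 0
    for start in list(adj):
        if start not in seen:
            count += 1
            stack = [start]
            while stack:
                node = stack.pop()
                if node not in seen:
                    seen.add(node)
                    stack.extend(adj[node] - seen)
    return count

def port_fanout(adj, ip):
    """Peer ports reached from one host: host -> own socket -> peer socket."""
    fanout = defaultdict(set)
    for sock in adj[("host", ip)]:
        for peer in adj[sock]:
            if peer[0] == "sock" and peer[1] != ip:
                fanout[peer[1]].add(peer[2])
    return {peer_ip: sorted(ports) for peer_ip, ports in fanout.items()}
```

In the flat graph the three flows from 10.0.0.5 fall into separate components, so no amount of neighbor aggregation relates them; with ownership edges they share a host node and the multi-port pattern against 10.0.0.9 is two hops away.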