Zhenyu Jiang,Jiliang Li,Qinnan Hu,Weizhi Meng,Witold Pedrycz,Zhou Su

DOI: https://doi.org/10.1109/jiot.2024.3397364

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Network Intrusion Detection Systems (NIDSs) have emerged as a frontline defense against potential attacks in wireless Internet of Things (IoT) networks. However, existing machine learning methods follow an unstructured data processing patterns and can barely incorporate all information due to the network dynamicity as well as data imbalance. In this study, we propose Graph Isomorphism Network model based on Edge (GINE), an innovative graph-based algorithm tailored to pinpoint malicious network traffic within wireless IoT networks. Specifically, we initiate by presenting the wireless IoT network graph, capturing the global topological interactions of its edges. Subsequently, we design an edge representation learning algorithm, capable of encoding network data frames in a discerning pattern-aware manner. Moreover, we integrate a data interpolation module into the edges of our structured graph data targeting at data imbalance, which fosters a more balanced distribution across the various classes of edges. Our empirical analysis on select wireless IoT intrusion datasets shows GINE’s superiority, consistently outperforming state-of-the-art methods in classification metrics, including accuracy, F1-Score, False Alarm Rate, etc. Through a simulated wireless environment, we demonstrate GINE’s robust scalability, even in unpredictable wireless networks.

Mengyuan Lee,Guanding Yu,Geoffrey Ye Li

DOI: https://doi.org/10.1109/twc.2020.3040983

IF: 10.4

2020-01-01

IEEE Transactions on Wireless Communications

Abstract:Link scheduling in device-to-device (D2D) networks is usually formulated as a non-convex combinatorial problem, which is generally NP-hard and difficult to get the optimal solution. Traditional methods to solve this problem are mainly based on mathematical optimization techniques, where accurate channel state information (CSI), usually obtained through channel estimation and feedback, is needed. To overcome the high computational complexity of the traditional methods and eliminate the costly channel estimation stage, machine leaning (ML) has been introduced recently to address the wireless link scheduling problems. In this article, we propose a novel graph embedding based method for link scheduling in D2D networks. We first construct a fully-connected directed graph for the D2D network, where each D2D pair is a node while interference links among D2D pairs are the edges. Then we compute a low-dimensional feature vector for each node in the graph. The graph embedding process is based on the distances of both communication and interference links, therefore without requiring the accurate CSI. By utilizing a multi-layer classifier, a scheduling strategy can be learned in a supervised manner based on the graph embedding results for each node. We also propose an unsupervised manner to train the graph embedding based method to further reinforce the scalability and develop a K-nearest neighbor graph representation method to reduce the computational complexity. Extensive simulation demonstrates that the proposed method is near-optimal compared with the existing state-of-art methods but is with only hundreds of training network layouts. It is also competitive in terms of scalability and generalizability to more complicated scenarios.

Mengyuan Lee,Guanding Yu,Geoffrey Ye Li

DOI: https://doi.org/10.1109/icc40277.2020.9149089

2020-01-01

Abstract:Link scheduling for device-to-device (D2D) communications is usually formulated as an NP-hard non-convex combinatorial problem, which is difficult to get the optimal solution. Traditional methods are mainly based on mathematical optimization techniques with the help of accurate channel state information (CSI), which is costly to obtain. In this paper, we propose a graph embedding based method to achieve link scheduling without CSI for D2D communications. We first construct a fully-connected directed graph for the D2D network, and then compute a low-dimensional feature vector for each node in the graph based on the distances of both communication and interference links. Finally, a scheduling strategy can be learned based on the graph embedding results by utilizing a multi-layer classifier. Extensive simulation demonstrates that the proposed method is near-optimal compared with the existing state-of-art methods and only needs hundreds of training network layouts. It is also competitive in terms of scalability and generalizability to more complicated scenarios.

Chang Zhou,Yuqiong Liu,Xiaofei Liu,Zhongyi Liu,Jun Gao

DOI: https://doi.org/10.1609/aaai.v31i1.10878

2017-01-01

Abstract:Graph Embedding methods are aimed at mapping each vertex into a low dimensional vector space, which preserves certain structural relationships among the vertices in the original graph. Recently, several works have been proposed to learn embeddings based on sampled paths from the graph, e.g., DeepWalk, Line, Node2Vec. However, their methods only preserve symmetric proximities, which could be insufficient in many applications, even the underlying graph is undirected. Besides, they lack of theoretical analysis of what exactly the relationships they preserve in their embedding space. In this paper, we propose an asymmetric proximity preserving (APP) graph embedding method via random walk with restart, which captures both asymmetric and high-order similarities between node pairs. We give theoretical analysis that our method implicitly preserves the Rooted PageRank score for any two vertices. We conduct extensive experiments on tasks of link prediction and node recommendation on open source datasets, as well as online recommendation services in Alibaba Group, in which the training graph has over 290 million vertices and 18 billion edges, showing our method to be highly scalable and effective.

Zhichao Hu,Likun Liu,Haining Yu,Xiangzhan Yu

DOI: https://doi.org/10.1155/2021/6291276

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Cybersecurity has become an important part of our daily lives. As an important part, there are many researches on intrusion detection based on host system call in recent years. Compared to sentences, a sequence of system calls has unique characteristics. It contains implicit pattern relationships that are less sensitive to the order of occurrence and that have less impact on the classification results when the frequency of system calls varies slightly. There are also various properties such as resource consumption, execution time, predefined rules, and empirical weights of system calls. Commonly used word embedding methods, such as Bow, TI-IDF, N-Gram, and Word2Vec, do not fully exploit such relationships in sequences as well as conveniently support attribute expansion. To solve these problems, we introduce Graph Representation based Intrusion Detection (GRID), an intrusion detection framework based on graph representation learning. It captures the potential relationships between system calls to learn better features, and it is applicable to a wide range of back-end classifiers. GRID utilizes a new sequence embedding method Graph Random State Embedding (GRSE) that uses graph structures to model a finite number of sequence items and represent the structural association relationships between them. A more efficient representation of sequence embeddings is generated by random walks, word embeddings, and graph pooling. Moreover, it can be easily extended to sequences with attributes. Our experimental results on the AFDA-LD dataset show that GRID has an average improvement of 2% using the GRSE embedding method comparing to others.

Mingdong Ou,Peng Cui,Jian Pei,Ziwei Zhang,Wenwu Zhu

DOI: https://doi.org/10.1145/2939672.2939751

2016-01-01

Abstract:Graph embedding algorithms embed a graph into a vector space where the structure and the inherent properties of the graph are preserved. The existing graph embedding methods cannot preserve the asymmetric transitivity well, which is a critical property of directed graphs. Asymmetric transitivity depicts the correlation among directed edges, that is, if there is a directed path from u to v, then there is likely a directed edge from u to v. Asymmetric transitivity can help in capturing structures of graphs and recovering from partially observed graphs. To tackle this challenge, we propose the idea of preserving asymmetric transitivity by approximating high-order proximity which are based on asymmetric transitivity. In particular, we develop a novel graph embedding algorithm, High-Order Proximity preserved Embedding (HOPE for short), which is scalable to preserve high-order proximities of large scale graphs and capable of capturing the asymmetric transitivity. More specifically, we first derive a general formulation that cover multiple popular high-order proximity measurements, then propose a scalable embedding algorithm to approximate the high-order proximity measurements based on their general formulation. Moreover, we provide a theoretical upper bound on the RMSE (Root Mean Squared Error) of the approximation. Our empirical experiments on a synthetic dataset and three real-world datasets demonstrate that HOPE can approximate the high-order proximities significantly better than the state-of-art algorithms and outperform the state-of-art algorithms in tasks of reconstruction, link prediction and vertex recommendation.

Ke Lu,Zhengming Ding,Sam Ge

DOI: https://doi.org/10.1109/TITS.2012.2220965

IF: 8.5

2012-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Researchers have proposed various machine learning algorithms for traffic sign recognition, which is a supervised multicategory classification problem with unbalanced class frequencies and various appearances. We present a novel graph embedding algorithm that strikes a balance between local manifold structures and global discriminative information. A novel graph structure is designed to depict explicitly the local manifold structures of traffic signs with various appearances and to intuitively model between-class discriminative information. Through this graph structure, our algorithm effectively learns a compact and discriminative subspace. Moreover, by using $L_{2, 1}$-norm, the proposed algorithm can preserve the sparse representation property in the original space after graph embedding, thereby generating a more accurate projection matrix. Experiments demonstrate that the proposed algorithm exhibits better performance than the recent state-of-the-art methods.

Peng Chen,Yunfei Guo,Jianpeng Zhang,Hongchao Hu

DOI: https://doi.org/10.1007/978-981-16-6963-7_93

2022-01-01

Abstract:To increase the detection rate of organized attacks in cyberspace, a new intrusion detection method, i.e., EmbedLOF, is proposed which combines the network embedding and outlier detection method. The proposed method first preprocesses the captured packets, generates network undirected graph, and calculates connected components of the undirected graph. Then the Embed algorithm is utilized to generate network embedding of each node for the connected components of the undirected graph. The network embedding uses low-dimensional vectors to represent latent features in network topology. Finally, the LOF algorithm is utilized to conduct the outlier detection for each node’s embedding. Also, it issues alarms for possible intrusions. The experiment results show that the method obtains high recall scores and achieves more comprehensive and robust detections for organized attacks.

Eric L. Goodman,Chase Zimmerman,Corey Hudson

DOI: https://doi.org/10.48550/arXiv.2004.14477

2020-04-30

Abstract:One of deep learning's attractive benefits is the ability to automatically extract relevant features for a target problem from largely raw data, instead of utilizing human engineered and error prone handcrafted features. While deep learning has shown success in fields such as image classification and natural language processing, its application for feature extraction on raw network packet data for intrusion detection is largely unexplored. In this paper we modify a Word2Vec approach, used for text processing, and apply it to packet data for automatic feature extraction. We call this approach Packet2Vec. For the classification task of benign versus malicious traffic on a 2009 DARPA network data set, we obtain an area under the curve (AUC) of the receiver operating characteristic (ROC) between 0.988-0.996 and an AUC of the Precision/Recall curve between 0.604-0.667.

Machine Learning,Cryptography and Security

Zian Jia,Xiaosu Wang,Yun Xiong,Yao Zhang,JinJing Zhao

DOI: https://doi.org/10.1109/dsc55868.2022.00056

2022-01-01

Abstract:Advanced Persistent Threats (APT) are difficult to detect and defend due to their high variability and concealment. Current APT detection and investigation approaches suffer from two major problems. First, most recent models heavily rely on heuristic rules derived from a large amount of expensive prior knowledge, which in turn prevents the models from generalizing to new types of APT attacks. Second, the development of existing fully supervised models is limited by the scarcity of APT attack data. In this paper, we first construct the provenance graph by introducing logical entities to reduce the dependency on prior knowledge. Then we propose a novel self-supervised representation-learning based model, AISLE, for the investigation of the APT attack, which consists of a graph structure encoder (GSE) and an entity interaction pattern encoder (IPE). The GSE employs a graph attention auto-encoder to effectively compress the structural information of the graph; and the IPE employs a LSTM auto-encoder to extract the interaction patterns of entities from their interaction history. The two entity embeddings calculated respectively by the two auto-encoders are concatenated to form the final representation of the entity, which is evaluated by the attack investigation module to identify attack entities. Our model is evaluated on ten real-world APT attacks in a realistic virtual environment. The results show that our model can achieve superior generalization ability and consistently outperform the latest state-of-the-art APT attack investigation approaches.

Xiaohuan Lu,Jiang Long,Jie Wen,Lunke Fei,Bob Zhang,Yong Xu

DOI: https://doi.org/10.1016/j.patcog.2022.108844

IF: 8

2022-01-01

Pattern Recognition

Abstract:Preserving the intrinsic structure of data is very important for unsupervised dimensionality reduction. For structure preserving, graph embedding technique is widely considered. However, most of the existing unsupervised graph embedding based methods cannot effectively preserve the intrinsic structure of data since these methods either use the constant graph or only explore the geometric structure based on the distance information or representation information. To solve this problem, a novel method, called local-ity preserving projection with symmetric graph embedding (LPP_SGE), is proposed. LPP_SGE introduces a novel adaptive graph learning model and can obtain the intrinsic graph and projection in a unified framework by fully exploring the representation information and distance information of the original data. Different from the existing works which generally introduce no less than two constraints to cap-ture the representation information and distance information, LPP_SGE can simultaneously capture the above two kinds of structure information in one term. Moreover, LPP_SGE introduces an ' l 2 , 1 ' norm based projection constraint to select the most discriminative features from the complex data for dimensionality reduction, such that the robustness is enhanced. Experimental results on four databases and two kinds of noisy databases show that LPP_SGE performs better than many well-known methods.(c) 2022 Elsevier Ltd. All rights reserved.

Xuecheng Yu,Yan Huang,Yu Zhang,Mingyang Song,Zhenhong Jia

DOI: https://doi.org/10.32604/cmc.2023.044999

2024-01-01

Abstract:With the increasing dimensionality of network traffic, extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems (IDS). However, both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features, resulting in an analysis that is not an optimal set. Therefore, in order to extract more representative traffic features as well as to improve the accuracy of traffic identification, this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T2 and a multilayer convolutional bidirectional long short-term memory (MSC_BiLSTM) classifier model for network traffic intrusion detection. This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory (BiLSTM) network, which fully considers the influence between the before and after features. The network traffic is first characteristically downscaled by principal component analysis (PCA), and then the downscaled principal components are used as input to Hotelling’s T2 to compare the differences between groups. For datasets with outliers, Hotelling’s T2 can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers. Finally, a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data. The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision, recall and F1-score juxtaposed with the prevailing techniques. The results show that the intrusion detection accuracy, precision, and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%, 95.97%, and 90.22%.

computer science, information systems,materials science, multidisciplinary

Chongzhen Zhang,Yanli Chen,Yang Meng,Fangming Ruan,Runze Chen,Yidan Li,Yaru Yang

DOI: https://doi.org/10.1155/2021/6610675

IF: 1.968

2021-01-25

Security and Communication Networks

Abstract:Traditional machine learning-based intrusion detection often only considers a single algorithm to identify intrusion data, lack of the flexibility method, low detection rate, no handing high-dimensional data, and cannot solve these problems well. In order to improve the performance of intrusion detection system, a novel general intrusion detection framework was proposed in this paper, which consists of five parts: preprocessing module, autoencoder module, database module, classification module, and feedback module. The data processed by the preprocessing module are compressed by the autoencoder module to obtain a lower-dimensional reconstruction feature, and the classification result is obtained through the classification module. Compressed features of each traffic are stored in the database module which can both provide retraining and testing for the classification module and restore these features to the original traffic for postevent analysis and forensics. For evaluation of the framework performance proposed, simulation was conducted with the CICIDS2017 dataset to the real traffic of the network. As the experimental results, the accuracy of binary classification and multiclass classification is better than previous work, and high-level accuracy was reached for the restored traffic. At the last, the possibility was discussed on applying the proposed framework to edge/fog networks.

computer science, information systems,telecommunications

Shaosheng Cao,Wei Lu,Qiongkai Xu

DOI: https://doi.org/10.1609/aaai.v30i1.10179

2016-02-21

Proceedings of the AAAI Conference on Artificial Intelligence

Abstract:In this paper, we propose a novel model for learning graph representations, which generates a low-dimensional vector representation for each vertex by capturing the graph structural information. Different from other previous research efforts, we adopt a random surfing model to capture graph structural information directly, instead of using the sampling-based method for generating linear sequences proposed by Perozzi et al. (2014). The advantages of our approach will be illustrated from both theorical and empirical perspectives. We also give a new perspective for the matrix factorization method proposed by Levy and Goldberg (2014), in which the pointwise mutual information (PMI) matrix is considered as an analytical solution to the objective function of the skip-gram model with negative sampling proposed by Mikolov et al. (2013). Unlike their approach which involves the use of the SVD for finding the low-dimensitonal projections from the PMI matrix, however, the stacked denoising autoencoder is introduced in our model to extract complex features and model non-linearities. To demonstrate the effectiveness of our model, we conduct experiments on clustering and visualization tasks, employing the learned vertex representations as features. Empirical results on datasets of varying sizes show that our model outperforms other stat-of-the-art models in such tasks.

Shanhua Zhan,Jigang Wu,Na Han,Jie Wen,Xiaozhao Fang

DOI: https://doi.org/10.1016/j.neunet.2018.10.001

Abstract:Manifold based feature extraction has been proved to be an effective technique in dealing with the unsupervised classification tasks. However, most of the existing works cannot guarantee the global optimum of the learned projection, and they are sensitive to different noises. In addition, many methods cannot catch the discriminative information as much as possible since they only exploit the local structure of data while ignoring the global structure. To address the above problems, this paper proposes a novel graph based feature extraction method named low-rank and sparsity preserving embedding (LRSPE) for unsupervised learning. LRSPE attempts to simultaneously learn the graph and projection in a framework so that the global optimal projection can be obtained. Moreover, LRSPE exploits both global and local information of data for projection learning by imposing the low-rank and sparse constraints on the graph, which promotes the method to obtain a better performance. Importantly, LRSPE is more robust to noise by imposing the l2,1 sparsity norm on the reconstruction errors. Experimental results on both clean and noisy datasets prove that the proposed method can significantly improve classification accuracy and it is robust to different noises in comparison with the state-of-the-art methods.

Shuo Zhao,Zhongwen Guo,Xu Cheng,Sining Jiang,Wenchang Zhao,Hao Wang

DOI: https://doi.org/10.1109/tim.2023.3284932

IF: 5.6

2023-01-01

IEEE Transactions on Instrumentation and Measurement

Abstract:Intrusion event detection plays a crucial role in safeguarding national territory and large-scale critical facilities. However, modern detection methods often fail to incorporate spatial information and adequately extract multiscale information, leading to a decrease in detection accuracy. In this article, a human intrusion detection method based on distributed optical fiber sensing systems is proposed. First, a linear regression-based data preprocessing approach is proposed to identify important features in fiber-optical data and rearrange the data in a 1-D format according to spatial-temporal relationships. Then, a multiscale deep neural network architecture with a double dynamic layer skipping mechanism that enables the network to automatically retain crucial layers and concatenate multiscale features is proposed for capturing both small-scale details and large-scale long-term regularities in signal changes, leading to efficient extraction and utilization of the temporal and spatial signal information of fiber-optical data. A fiber-optical dataset of human intrusion events is also collected to evaluate the effectiveness of this method, achieving intrusion detection with an accuracy of 99.49%.

engineering, electrical & electronic,instruments & instrumentation

Wei Wang,Yiqiang Sheng,Jinlin Wang,Xuewen Zeng,Xiaozhou Ye,Yongzhong Huang,Ming Zhu

DOI: https://doi.org/10.1109/ACCESS.2017.2780250

IF: 3.9

2018-01-01

IEEE Access

Abstract:The development of an anomaly-based intrusion detection system (IDS) is a primary research direction in the field of intrusion detection. An IDS learns normal and anomalous behavior by analyzing network traffic and can detect unknown and new attacks. However, the performance of an IDS is highly dependent on feature design, and designing a feature set that can accurately characterize network traffic is still an ongoing research issue. Anomaly-based IDSs also have the problem of a high false alarm rate (FAR), which seriously restricts their practical applications. In this paper, we propose a novel IDS called the hierarchical spatial-temporal features-based intrusion detection system (HAST-IDS), which first learns the low-level spatial features of network traffic using deep convolutional neural networks (CNNs) and then learns high-level temporal features using long short-term memory networks. The entire process of feature learning is completed by the deep neural networks automatically; no feature engineering techniques are required. The automatically learned traffic features effectively reduce the FAR. The standard DARPA1998 and ISCX2012 data sets are used to evaluate the performance of the proposed system. The experimental results show that the HAST-IDS outperforms other published approaches in terms of accuracy, detection rate, and FAR, which successfully demonstrates its effectiveness in both feature learning and FAR reduction.

Jiaxing He,Xiaodan Wang,Yafei Song,Qian Xiang

DOI: https://doi.org/10.1016/j.neucom.2023.01.072

IF: 6

2023-02-04

Neurocomputing

Abstract:To solve the feature extraction problem in network intrusion detection, which is caused by large-scale high-dimensional traffic data, we propose a method based on variational Gaussian model (VGM) and one-dimensional Pyramid Depthwise Separable Convolution (PyDSC) neural network, called PyDSC-IDS. PyDSC-IDS uses VGM and OneHot encode technologies to preprocess the original dataset and decompose the complex feature into several simple ones. Pyramid convolution (PyConv) is selected for the processed multi-scale features and Depthwise Separable Convolution (DSC) is added to PyConv to reduce its network complexity. Finally, we verify the availability of the proposed method through experiments. The experimental results show that: 1) Data processed by VGM can effectively improve the detection accuracy; 2) Compared with the other three convolutional neural networks, PyDSC can significantly improve the detection accuracy at the cost of a slight increase in complexity, and PyDSC can effectively reduce the complexity of the PyConv.

computer science, artificial intelligence

Jie Zhang,Yan Wang,Jie Tang

DOI: https://doi.org/10.1109/DSC.2019.00029

2019-01-01

Abstract:Network embedding projects nodes in a network to a low-dimensional continuous space while the network structure and inherent properties are preserved. It has attracted tremendous attention recently due to its significant progress in network learning tasks, such as node classification, link prediction, and visualization. However, many network embedding works focus on the pairwise co-occurrence to depict nodes' proximity and suffer from the expensive computations due to the large volume of networks. In this paper, we take into consideration the multiple step hitting probability to model hierarchical proximities, and propose a fast and scalable spectral network embedding method, NetPHP, which learns different order embeddings and can be trained faster than SGD based methods. To evaluate the performance, we conduct the multi-label classification experiments in different large-scale real networks. The empirical results demonstrate the NetPHP algorithm outperforms other state-of-the-art methods. Besides, we also investigate the effect of different order proximities and non-adjacent node's proximities.