Jinfu Chen,Yemin Yin,Saihua Cai,Weijia Wang,Shengran Wang,Jiming Chen

DOI: https://doi.org/10.1016/j.scico.2024.103156

IF: 1.039

2024-01-01

Science of Computer Programming

Abstract:Software vulnerability detection is a challenging task in the security field, the boom of deep learning technology promotes the development of automatic vulnerability detection. Compared with sequence-based deep learning models, graph neural network (GNN) can learn the structural features of code, it performs well in the field of vulnerability detection for source code. However, different GNNs have different detection results for the same code, and using a single kind of GNN may lead to high false positive rate and false negative rate. In addition, the complex structure of source code causes single GNN model cannot effectively learn their depth feature, thereby leading to low detection accuracy. To solve these limitations, we propose a software vulnerability detection model called iGnnVD based on the integrated graph neural networks. In the proposed iGnnVD model, the base detectors including GCN, GAT and APPNP are first constructed to capture the bidirectional information in the code graph structure with bidirectional structure; And then, the residual connection is used to aggregate the features while retaining the features each time; Finally, the convolutional layer is used to perform the aggregated classification. In addition, an integration module that analyses the detection results of three detectors for final classification is designed using a voting strategy to solve the problem of high false positive rate and false negative rate caused by using a single kind of base detector. We perform extensive experiments on three datasets and experimental results show that the proposed iGnnVD model can improve the detection accuracy of vulnerabilities in source code as well as reduce the false positive rate and false negative rate compared with existing deep learning-based vulnerability detection models, it also has good stability.

David Pujol-Perich,José Suárez-Varela,Albert Cabellos-Aparicio,Pere Barlet-Ros

DOI: https://doi.org/10.48550/arXiv.2107.14756

2021-07-31

Abstract:The last few years have seen an increasing wave of attacks with serious economic and privacy damages, which evinces the need for accurate Network Intrusion Detection Systems (NIDS). Recent works propose the use of Machine Learning (ML) techniques for building such systems (e.g., decision trees, neural networks). However, existing ML-based NIDS are barely robust to common adversarial attacks, which limits their applicability to real networks. A fundamental problem of these solutions is that they treat and classify flows independently. In contrast, in this paper we argue the importance of focusing on the structural patterns of attacks, by capturing not only the individual flow features, but also the relations between different flows (e.g., the source/destination hosts they share). To this end, we use a graph representation that keeps flow records and their relationships, and propose a novel Graph Neural Network (GNN) model tailored to process and learn from such graph-structured information. In our evaluation, we first show that the proposed GNN model achieves state-of-the-art results in the well-known CIC-IDS2017 dataset. Moreover, we assess the robustness of our solution under two common adversarial attacks, that intentionally modify the packet size and inter-arrival times to avoid detection. The results show that our model is able to maintain the same level of accuracy as in previous experiments, while state-of-the-art ML techniques degrade up to 50% their accuracy (F1-score) under these attacks. This unprecedented level of robustness is mainly induced by the capability of our GNN model to learn flow patterns of attacks structured as graphs.

Cryptography and Security,Artificial Intelligence,Machine Learning,Networking and Internet Architecture

Renjie Xu,Guangwei Wu,Weiping Wang,Xing Gao,An He,Zhengpeng Zhang

2024-03-03

Abstract:Graph Neural Networks (GNNs) have garnered intensive attention for Network Intrusion Detection System (NIDS) due to their suitability for representing the network traffic flows. However, most present GNN-based methods for NIDS are supervised or semi-supervised. Network flows need to be manually annotated as supervisory labels, a process that is time-consuming or even impossible, making NIDS difficult to adapt to potentially complex attacks, especially in large-scale real-world scenarios. The existing GNN-based self-supervised methods focus on the binary classification of network flow as benign or not, and thus fail to reveal the types of attack in practice. This paper studies the application of GNNs to identify the specific types of network flows in an unsupervised manner. We first design an encoder to obtain graph embedding, that introduces the graph attention mechanism and considers the edge information as the only essential factor. Then, a self-supervised method based on graph contrastive learning is proposed. The method samples center nodes, and for each center node, generates subgraph by it and its direct neighbor nodes, and corresponding contrastive subgraph from the interpolated graph, and finally constructs positive and negative samples from subgraphs. Furthermore, a structured contrastive loss function based on edge features and graph local topology is introduced. To the best of our knowledge, it is the first GNN-based self-supervised method for the multiclass classification of network flows in NIDS. Detailed experiments conducted on four real-world databases (NF-Bot-IoT, NF-Bot-IoT-v2, NF-CSE-CIC-IDS2018, and NF-CSE-CIC-IDS2018-v2) systematically compare our model with the state-of-the-art supervised and self-supervised models, illustrating the considerable potential of our method. Our code is accessible through

Machine Learning,Cryptography and Security

Hong-Dang Le,Minho Park

DOI: https://doi.org/10.3390/electronics13122404

IF: 2.9

2024-06-20

Electronics

Abstract:As network sizes grow, attack schemes not only become more varied but also increase in complexity. This diversification leads to a proliferation of attack variants, complicating the identification and differentiation of potential threats. Enhancing system security necessitates the implementation of multi-class intrusion detection systems. This approach enables the categorization of incoming network traffic into distinct intrusion types and illustrates the specific attack encountered within the Internet. Numerous studies have leveraged deep learning (DL) for Network-based Intrusion Detection Systems (NIDS), aiming to improve intrusion detection. Among these DL algorithms, Graph Neural Networks (GNN) stand out for their ability to efficiently process unstructured data, especially network traffic, making them particularly suitable for NIDS applications. Although NIDS usually monitors incoming and outgoing flows in a network, represented as edge features in graph format, traditional GNN studies only consider node features, overlooking edge features. This oversight can result in losing important flow data and diminish the system's ability to detect attacks effectively. To address this limitation, our research makes several key contributions: (1) Emphasize the significance of edge features for enhancing GNN for multi-class intrusion detection, (2) Utilize port information, which is essential for identifying attacks but often overlooked during training, (3) Reorganize features embedded within the graph. By doing this, the graph can represent close to the actual network, which is the node showing endpoint identification information such as IP addresses and ports; the edge contains information related to flow such as Duration, Number of Packet/s, and Length....; (4) Compared to traditional methods, our experiments demonstrate significant performance improvements on both CIC-IDS-2017 (98.32%) and UNSW-NB15 (96.71%) datasets.

engineering, electrical & electronic,computer science, information systems,physics, applied

Congyuan Xu,Jizhong Shen,Xin Du,Fan Zhang

DOI: https://doi.org/10.1109/access.2018.2867564

IF: 3.9

2018-01-01

IEEE Access

Abstract:To improve the performance of network intrusion detection systems (IDS), we applied deep learning theory to intrusion detection and developed a deep network model with automatic feature extraction. In this paper, we consider the characteristics of the time-related intrusion and propose a novel IDS that consists of a recurrent neural network with gated recurrent units (GRU), multilayer perceptron (MLP), and softmax module. Experiments on the well-known KDD 99 and NSL-KDD data sets show that the system has leading performance. The overall detection rate was 99.42% using KDD 99 and 99.31% using NSL-KDD with false positive rates as low as 0.05% and 0.84%, respectively. In particular, for detecting the denial of service attacks, the system achieved detection rates of 99.98% and 99.55%, respectively. Comparative experiments showed that the GRU is more suitable as a memory unit for IDS than LSTM, and proved that it is an effective simplification and improvement of LSTM. Moreover, the bidirectional GRU can reach the best performance compared with the recently published methods.

Lina Zhang,Yang Wang,Minyue Wu,Yanwei Wang,Ying Zheng

DOI: https://doi.org/10.1109/safeprocess58597.2023.10295926

2023-01-01

Abstract:Network technology has become an inseparable part of daily life, which is easily attacked by some criminals. Therefore, ensuring the security of network becomes an urgent problem. In the past few years, various deep learning techniques have been put forward for identifying network intrusions. However, the majority of these approaches overlook the non-Euclidean nature of relationships within network intrusion data. In this paper, graph neural network (GNN) is used to learn the relationship between data. The sample balancing module is to address the significant disparity between the number of intrusive samples and normal samples. The results obtained from the experiments indicate that the suggested approach can enhance the effectiveness of the intrusion detection system.

Yalu Wang,Zhijie Han,Jie Li,Xin He

DOI: https://doi.org/10.48550/arXiv.2304.07226

2023-04-07

Cryptography and Security

Abstract:With the development of the Internet of Things (IoT), network intrusion detection is becoming more complex and extensive. It is essential to investigate an intelligent, automated, and robust network intrusion detection method. Graph neural networks based network intrusion detection methods have been proposed. However, it still needs further studies because the graph construction method of the existing methods does not fully adapt to the characteristics of the practical network intrusion datasets. To address the above issue, this paper proposes a graph neural network algorithm based on behavior similarity (BS-GAT) using graph attention network. First, a novel graph construction method is developed using the behavior similarity by analyzing the characteristics of the practical datasets. The data flows are treated as nodes in the graph, and the behavior rules of nodes are used as edges in the graph, constructing a graph with a relatively uniform number of neighbors for each node. Then, the edge behavior relationship weights are incorporated into the graph attention network to utilize the relationship between data flows and the structure information of the graph, which is used to improve the performance of the network intrusion detection. Finally, experiments are conducted based on the latest datasets to evaluate the performance of the proposed behavior similarity based graph attention network for the network intrusion detection. The results show that the proposed method is effective and has superior performance comparing to existing solutions.

Meihui Zhong,Mingwei Lin,Chao Zhang,Zeshui Xu

DOI: https://doi.org/10.1016/j.cose.2024.103821

IF: 5.105

2024-01-01

Computers & Security

Abstract:Intrusion detection systems (IDS) play a crucial role in maintaining network security. With the increasing sophistication of cyber attack methods, traditional detection approaches are encountering more challenges. In recent years, graph neural networks (GNNs) have garnered significant attention in the field of intrusion detection due to their unique ability to capture the relationships within the graph structure of data communications. In this review, we propose a novel taxonomy that categorizes advanced research into three distinct areas: tasks related to graph construction, network design, and GNN models deployment. We detail a generalized design process for GNN-based intrusion detection models, discussing the challenges encountered at each stage. Building upon these discussions, we conduct a systematic survey of existing works. Ultimately, we delve into a thorough exploration of the future research directions and the pending issues in this domain. By adopting a problem-oriented taxonomy and conducting a targeted survey, this review aims to provide scholars with a clear, systematic framework for deepening their understanding and further exploration of the field.

Yasir Ali Farrukh,Syed Wali,Irfan Khan,Nathaniel D. Bastian

2024-08-27

Abstract:In the rapidly evolving field of cybersecurity, the integration of flow-level and packet-level information for real-time intrusion detection remains a largely untapped area of research. This paper introduces "XG-NID," a novel framework that, to the best of our knowledge, is the first to fuse flow-level and packet-level data within a heterogeneous graph structure, offering a comprehensive analysis of network traffic. Leveraging a heterogeneous graph neural network (GNN) with graph-level classification, XG-NID uniquely enables real-time inference while effectively capturing the intricate relationships between flow and packet payload data. Unlike traditional GNN-based methodologies that predominantly analyze historical data, XG-NID is designed to accommodate the heterogeneous nature of network traffic, providing a robust and real-time defense mechanism. Our framework extends beyond mere classification; it integrates Large Language Models (LLMs) to generate detailed, human-readable explanations and suggest potential remedial actions, ensuring that the insights produced are both actionable and comprehensible. Additionally, we introduce a new set of flow features based on temporal information, further enhancing the contextual and explainable inferences provided by our model. To facilitate practical application and accessibility, we developed "GNN4ID," an open-source tool that enables the extraction and transformation of raw network traffic into the proposed heterogeneous graph structure, seamlessly integrating flow and packet-level data. Our comprehensive quantitative comparative analysis demonstrates that XG-NID achieves an F1 score of 97\% in multi-class classification, outperforming existing baseline and state-of-the-art methods. This sets a new standard in Network Intrusion Detection Systems by combining innovative data fusion with enhanced interpretability and real-time capabilities.

Cryptography and Security,Artificial Intelligence,Machine Learning

Xiang Yu,Zhihong Tian,Jing Qiu,Shen Su,Xiaoran Yan

DOI: https://doi.org/10.32604/cmc.2019.05821

2019-01-01

Abstract:With the development of Information technology and the popularization of Internet, whenever and wherever possible, people can connect to the Internet optionally. Meanwhile, the security of network traffic is threatened by various of online malicious behaviors. The aim of an intrusion detection system (IDS) is to detect the network behaviors which are diverse and malicious. Since a conventional firewall cannot detect most of the malicious behaviors, such as malicious network traffic or computer abuse, some advanced learning methods are introduced and integrated with intrusion detection approaches in order to improve the performance of detection approaches. However, there are very few related studies focusing on both the effective detection for attacks and the representation for malicious behaviors with graph. In this paper, a novel intrusion detection approach IDBFG (Intrusion Detection Based on Feature Graph) is proposed which first filters normal connections with grid partitions, and then records the patterns of various attacks with a novel graph structure, and the behaviors in accordance with the patterns in graph are detected as intrusion behaviors. The experimental results on KDD-Cup 99 dataset show that IDBFG performs better than SVM (Supprot Vector Machines) and Decision Tree which are trained and tested in original feature space in terms of detection rates, false alarm rates and run time.

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Guanghan Duan,Hongwu Lv,Huiqiang Wang,Guangsheng Feng

DOI: https://doi.org/10.1109/tifs.2022.3228493

IF: 7.231

2022-12-24

IEEE Transactions on Information Forensics and Security

Abstract:Deep learning (DL) greatly enhances binary anomaly detection capabilities through effective statistical network characterization; nevertheless, the intrusion class differentiation performance is still insufficient. Two related challenges have not been fully explored. 1) Statistical attack characteristics are overemphasized while ignoring inherent attack topologies; sequence features are extracted from whole traffic flows, but the interaction evolution of each IP pair over time is rarely considered, such as in long short-term memory (LSTM) and gated recurrent units (GRUs). 2) Meeting the need for many high-quality labeled data samples is an expensive and labor-intensive task in large-scale, complex, and heterogeneous networks. To address these issues, we propose a dynamic line graph neural network (DLGNN)-based intrusion detection method with semisupervised learning. Our model converts network traffic into a series of spatiotemporal graphs. A dynamic GNN (DGNN) is employed to extract spatial information from each discrete snapshot and capture the contextual evolution of communication between IP pairs through consecutive snapshots. Moreover, a line graph realizes edge embedding expressions corresponding to network communications and strengthens the message aggregation ability of graph convolution. Experiments on 6 novel datasets demonstrate that our approach achieves 98.15–99.8% accuracy in abnormality detection with fewer labeled samples. Meanwhile, state-of-the-art multiclass performance is achieved, e.g., the average detection accuracy for DDoS across the 6 datasets reaches 95.32%.

Ping Deng,Yong Huang

DOI: https://doi.org/10.1016/j.cose.2024.104132

IF: 5.105

2024-09-28

Computers & Security

Abstract:With the development of the Internet, the application of computer technology has rapidly become widespread, driving the progress of Internet of Things (IoT) technology. The attacks present on networks have become more complex and stealthy. However, traditional network intrusion detection systems with singular functions are no longer sufficient to meet current demands. While some machine learning-based network intrusion detection systems have emerged, traditional machine learning methods cannot effectively respond to the complex and dynamic nature of network attacks. Intrusion detection systems utilizing deep learning can better enhance detection capabilities through diverse data learning and training. To capture the topological relationships in network data, using graph neural networks (GNNs) is most suitable. Most existing GNNs for intrusion detection use multi-layer network training, which may lead to over-smoothing issues. Additionally, current intrusion detection solutions often lack efficiency. To mitigate the issues mentioned above, this paper proposes an E dge-featured M ulti-hop A ttention Graph Neural Network for I ntrusion D etection S ystem (EMA-IDS), aiming to improve detection performance by capturing more features from data flows. Our method enhances computational efficiency through attention propagation and integrates node and edge features, fully leveraging data characteristics. We carried out experiments on four public datasets, which are NF-CSE-CIC-IDS2018-v2, NF-UNSW-NB15-v2, NF-BoT-IoT, and NF-ToN-IoT. Compared with existing models, our method demonstrated superior performance.

computer science, information systems

Yalu Wang,Jie Li,Wei Zhao,Zhijie Han,Hang Zhao,Lei Wang,Xin He

DOI: https://doi.org/10.3390/rs15143611

IF: 5

2023-07-21

Remote Sensing

Abstract:With the rapid development of the Internet of Things (IoT)-based near-Earth remote sensing technology, the problem of network intrusion for near-Earth remote sensing systems has become more complex and large-scale. Therefore, seeking an intelligent, automated, and robust network intrusion detection method is essential. Many researchers have researched network intrusion detection methods, such as traditional feature-based and machine learning methods. In recent years, network intrusion detection methods based on graph neural networks (GNNs) have been proposed. However, there are still some practical issues with these methods. For example, they have not taken into consideration the characteristics of near-Earth remote sensing systems, the state of the nodes, and the temporal features. Therefore, this article analyzes the factors of existing near-Earth remote sensing systems and proposes a spatio-temporal graph attention network (N-STGAT) that considers the state of nodes and applies them to the network intrusion detection of near-Earth remote sensing systems. Finally, the proposed method in this article is validated using the latest flow-based datasets NF-BoT-IoT-v2 and NF-ToN-IoT-v2. The results demonstrate that the binary classification accuracy for network intrusion detection exceeds 99%, while the multi-classification accuracy exceeds 93%. These findings provide substantial evidence that the proposed method outperforms existing intrusion detection techniques.

environmental sciences,imaging science & photographic technology,remote sensing,geosciences, multidisciplinary

Junpeng He,Hanyue Kong,Shihe Zhang,Xiong Li,Weina Niu,Xiaosong Zhang,Fagen Li

DOI: https://doi.org/10.1109/icc51166.2024.10622440

2024-01-01

Abstract:Recently, deep learning (DL)-driven intrusion detection technology has been rising gradually to reduce the economic and privacy losses caused by the dramatic increase in cyber attacks. Besides exploiting the statistical network traffic features, the inherent attack topologies are also important as they are highly associated with attack behaviors. Thus, many works use graph neural networks (GNN) to make use of them to improve the detection performance. Nevertheless, these topologies contain many isolated IPs that interact with far fewer targets than other non-isolated IPs. Due to the message-passing scheme, information from isolated IPs is less likely to be transmitted in GNN training, resulting in poor model understanding of the traffic connecting these isolated IPs. Therefore, the performance of GNN-based intrusion detection models is not satisfactory for this traffic. To address this problem, we implement a generation algorithm with traffic functionality preservation to improve the performance of GNN-based intrusion detectors by locally augmenting this type of traffic. The proposed method first converts the IP-based graph of the traffic dataset into a line graph, and then utilizes a conditional denoising diffusion probabilistic model to generate new graph snapshots to enhance the expressiveness of isolated IP in GNN message aggregation. We evaluate the performance of our method and compare it with state-of-the-art works on three datasets, i.e., NF-BoT-IoT-V2, NF-ToN-IoT-V2, and NF-CSECIC-IDS2018-V2, and the results show it achieves accuracy of 99.11%(↑0.11%), 93.84%(↑2.47%), and 97.15%(↑3.94%), respectively. Case study shows that the proposed local augmentation can improve detection performance under different isolated thresholds. Moreover, our method can alleviate the over-smoothing problem to a certain extent, and the augmented traffic also possesses better quality.

Huiling Shi,Wei Zhang,Lei Zhang,Kuichao Zhang,Hongyang Sun

DOI: https://doi.org/10.1109/NaNA60121.2023.00051

2023-08-01

Abstract:Detecting malicious attacks in normal network traffic is critical to network security. Traditional traffic identification methods often struggle to capture the complex communication patterns in network traffic, hindering their effectiveness. We introduce GraphMal, a framework utilizing Graph Neural Networks (GNNs) for the identification of malicious traffic. This approach effectively exploits network topology and traffic characteristics to improve performance. We first apply Pearson's correlation coefficient and random forest approaches to effectively reduce the dimensionality of the dataset. Then, the E-GraphSAGE algorithm is used to extract salient features from the traffic topology graph and construct a robust graph classifier. Additionally, the focal loss function is used to solve the data imbalance problem. Experiments conducted on the UNSW-NB15 dataset demonstrate GraphMal's remarkable performance in both binary and multi-class classification tasks, while improving the learning efficiency of GNNs.

Computer Science

Yalu Wang,Jie Li,Wei Zhao,Zhijie Han,Hang Zhao,Lei Wang,Xin He

DOI: https://doi.org/10.3390/rs15143611

IF: 5

2023-01-01

Remote Sensing

Abstract:With the rapid development of the Internet of Things (IoT)-based near-Earth remote sensing technology, the problem of network intrusion for near-Earth remote sensing systems has become more complex and large-scale. Therefore, seeking an intelligent, automated, and robust network intrusion detection method is essential. Many researchers have researched network intrusion detection methods, such as traditional feature-based and machine learning methods. In recent years, network intrusion detection methods based on graph neural networks (GNNs) have been proposed. However, there are still some practical issues with these methods. For example, they have not taken into consideration the characteristics of near-Earth remote sensing systems, the state of the nodes, and the temporal features. Therefore, this article analyzes the factors of existing near-Earth remote sensing systems and proposes a spatio-temporal graph attention network (N-STGAT) that considers the state of nodes and applies them to the network intrusion detection of near-Earth remote sensing systems. Finally, the proposed method in this article is validated using the latest flow-based datasets NF-BoT-IoT-v2 and NF-ToN-IoT-v2. The results demonstrate that the binary classification accuracy for network intrusion detection exceeds 99%, while the multi-classification accuracy exceeds 93%. These findings provide substantial evidence that the proposed method outperforms existing intrusion detection techniques.

Xinjun Pei,Xiaoheng Deng,Shengwei Tian,Ping Jiang,Yunlong Zhao,Kaiping Xue

DOI: https://doi.org/10.1109/tdsc.2024.3417853

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:With the ever-growing attention on communication security, machine learning-based network intrusion detection system (NIDS) is widely utilized to meet different security requirements. However, most of the existing methods manually extract or learn features from raw traffic, which is usually expensive, complicated, and time-consuming. Moreover, this also brings unprecedented challenges for preserving users' privacy in the communication process, making it difficult for existing solutions to be deployed in practice due to the privacy requirements from legal policies. This paper proposes a privacypreserving graph neural network (named NIGNN) for NIDS, which can encode the local structure and traffic features. To address the privacy issues pertaining to the application of graph representation learning, we design a privacy message-passing mechanism with formal privacy guarantees, in which sensitive information potentially contained in graph vertices will be kept private. Specifically, we design a privacy-enhancement graph representation that introduces a degree-sensitive item in vertexbased aggregation to reduce noise. Our theoretical analysis shows that NIGNN can provide a provable privacy guarantee. Extensive experiments demonstrate NIGNN's performance in maintaining a sound privacy-accuracy trade-off.

Abdeljalil Zoubir,Badr Missaoui

2024-04-24

Abstract:In this paper, we present two novel methods in Network Intrusion Detection Systems (NIDS) using Graph Neural Networks (GNNs). The first approach, Scattering Transform with E-GraphSAGE (STEG), utilizes the scattering transform to conduct multi-resolution analysis of edge feature vectors. This provides a detailed representation that is essential for identifying subtle anomalies in network traffic. The second approach improves node representation by initiating with Node2Vec, diverging from standard methods of using uniform values, thereby capturing a more accurate and holistic network picture. Our methods have shown significant improvements in performance compared to existing state-of-the-art methods in benchmark NIDS datasets.

Cryptography and Security,Artificial Intelligence,Machine Learning