Toronto Metropolitan University
Browse
- No file added yet -

Network Anomaly Detection Scheme Using Graph Neural Network

Download (1.09 MB)
thesis
posted on 2024-09-05, 16:36 authored by Patrice Kisanger

Traditional intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) focus on detecting, preventing, and blocking known attacks and obvious threats. Contrary to these systems, the Activity and Event Network (AEN) model is a newly proposed framework capable of identifying long-term threats and novel attack patterns such as custom crafted, multi-stage attack vectors, that the above-mentioned tools cannot detect as its design relies on a large random time varying graph model. In this thesis, the structural foundations of AEN graph are used as a basis to design a graph neural network (GNN)-based network anomaly detection scheme. This work is the first ever application of AEN to build a GNN model for anomaly detection purpose. The proposed model is evaluated using five different labelled datasets, namely, the DDoS, Tor-nonTor, Portmap, UDPLag, and SYN datasets, yielding preliminary promising results in terms of precision, recall, F1 score, and accuracy, chosen as performance metrics.

History

Language

English

Degree

  • Master of Applied Science

Program

  • Computer Networks

Granting Institution

Toronto Metropolitan University

LAC Thesis Type

  • Thesis

Thesis Advisor

Isaac Woungang

Year

2023