Network Anomaly Detection Scheme Using Graph Neural Network
Traditional intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) focus on detecting, preventing, and blocking known attacks and obvious threats. In contrast, the Activity and Event Network (AEN) model is a newly proposed framework whose design relies on a large, random, time-varying graph model, which makes it capable of identifying long-term threats and novel attack patterns, such as custom-crafted, multi-stage attack vectors, that the above-mentioned tools cannot detect. In this thesis, the structural foundations of the AEN graph are used as a basis to design a graph neural network (GNN)-based network anomaly detection scheme. This work is the first application of AEN to build a GNN model for anomaly detection. The proposed model is evaluated using five different labelled datasets, namely the DDoS, Tor-nonTor, Portmap, UDPLag, and SYN datasets, yielding promising preliminary results in terms of precision, recall, F1 score, and accuracy, the chosen performance metrics.
Language
English
Degree
- Master of Applied Science
Program
- Computer Networks
Granting Institution
Toronto Metropolitan University
LAC Thesis Type
- Thesis