Innovative Pre-Training Methods for Network Intrusion Detection with GNNs

The author proposes innovative pre-training methods using dense representations to enhance network intrusion detection systems based on Graph Neural Networks, achieving remarkable data efficiency and performance improvements.

The content discusses the use of Graph Neural Networks (GNNs) for network intrusion detection, focusing on pre-training techniques to overcome label-dependency limitations. The study introduces in-context pre-training and dense representation models to improve performance and data efficiency in detecting intrusions. Key findings include the superiority of dense representation models over target encoding models, especially when combined with self-supervised learning. The experiments demonstrate that pre-trained models exhibit greater resilience to data scarcity and achieve high performance with minimal labeled data. The study also highlights the challenges in NIDS research related to dataset labeling, imbalance between benign and malicious activities, and the need for more realistic datasets. Future work is suggested to explore advanced GNN architectures and SSL techniques, evaluate frameworks using real network traffic, and incorporate directionality of network flows in NIDS.

Achieving over 98% performance with less than 4% labeled data on NF-UQ-NIDS-V2 dataset. NF-UQ-NIDS-V2 contains 75,987,976 records with 20 attack categories. ToN-IoT dataset consists of 461,043 total records with 9 attack types. E-GraphSAGE model has two layers with a hidden dimension of 128. F1-score used as evaluation metric for intrusion detectors.

"Intrusion detectors based on Graph Neural Networks have achieved state-of-the-art performance." "SSL pre-trained models exhibit significantly greater data efficiency compared to other methods." "Dense representation GNNs consistently outperform target encoding models."