DOI: 10.1145/3630049.3630171
Research article

Detecting Contextual Network Anomalies with Graph Neural Networks

Published: 05 December 2023

Abstract

Detecting anomalies in network traffic is a complex task due to the massive number of traffic flows in today's networks, as well as the highly dynamic nature of traffic over time. In this paper, we propose the use of Graph Neural Networks (GNN) for network traffic anomaly detection. We formulate the problem as contextual anomaly detection on network traffic measurements, and propose a custom GNN-based solution that detects traffic anomalies on origin-destination flows. In our evaluation, we use real-world data from Abilene (6 months), and compare our solution with other widely used methods for the same task (PCA, EWMA, RNN). The results show that the anomalies detected by our solution are quite complementary to those captured by the baselines (with a maximum of 36.33% overlapping anomalies for PCA). Moreover, we manually inspect the anomalies detected by our method, and find that a large portion of them can be visually validated by a network expert (64% with high confidence, 18% with mid confidence, 18% normal traffic). Lastly, we analyze the characteristics of the anomalies through two paradigmatic cases that are quite representative of the bulk of anomalies.



      Published In

      GNNet '23: Proceedings of the 2nd on Graph Neural Networking Workshop 2023
      December 2023
      49 pages
      ISBN:9798400704482
      DOI:10.1145/3630049

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. contextual anomaly detection
      2. cybersecurity
      3. graph neural networks
      4. machine learning

      Qualifiers

      • Research-article

      Funding Sources

      • Ministerio de Ciencia e Innovación / Agencia Estatal de Investigación
      • Spanish Ministry of Economic Affairs and Digital Transformation / European Union
      • European Union's Horizon 2020
      • Catalan Institution for Research and Advanced Studies

      Conference

      CoNEXT 2023

      Article Metrics

      • Total Citations: 0
      • Total Downloads: 90
      • Downloads (Last 12 months): 90
      • Downloads (Last 6 weeks): 5
      Reflects downloads up to 16 Nov 2024
