| With the explosive development of the Internet, the security risks and threats it faces are becoming increasingly serious. Network security incidents are frequent, and network attacks are becoming increasingly complex and diverse. In such a serious network security situation, network anomaly detection, as one of the important means of active network security defense, becomes crucial. However, traditional anomaly detection methods often use only the attribute information of data objects, discarding the complex relationships that exist between objects and ignoring the intrinsic connections within the data. Graph neural networks, as a powerful deep learning-based graph representation technique, can express the relationships between data objects as graph structures and so exploit both the attribute and the structural information of data objects. Considering this property of graph neural networks, this paper proposes a series of network security-oriented graph neural network anomaly detection methods, with the following main contributions. (1) Abnormal transaction behavior detection method: Two graph neural network anomaly detection methods are proposed for the detection of anomalous transaction behavior. The anomaly detection models are constructed by combining multilayer perceptrons and graph neural networks. Experiments on the Bitcoin transaction dataset show that the performance of the combined and optimized model is significantly improved compared to that of the traditional graph neural network model alone. The two graph neural network-based anomaly detection methods proposed in this paper are also superior to other machine learning methods. (2) Darknet traffic anomaly detection method: A GraphSAGE-based graph neural network anomaly detection method is proposed for the anomaly detection of darknet traffic. The GraphSAGE algorithm is adapted to the classification of darknet traffic. A series of experiments on the darknet traffic dataset show that the graph neural network method can effectively detect darknet traffic in the network environment and is more resistant to interference than the machine learning method. In addition, a new attention aggregation function is proposed to aggregate the features of different neighboring nodes. Experimental comparison demonstrates that this aggregation function is better than other aggregation functions in terms of detection effectiveness and resistance to noise interference. (3) Network intrusion abnormal behavior detection method: A graph neural network anomaly detection method based on GATv2 is proposed for network intrusion anomaly detection. As the traditional GAT network suffers from the static attention problem, an improved version, GATv2, is introduced in this paper to overcome this problem. Experimental results on two publicly available intrusion detection datasets show that the GATv2-based model provides better detection than the original GAT model and has stronger noise immunity. By comparison, in cases where machine learning methods achieve similar detection results, the graph neural network approach shows greater resistance to interference. In this paper, we propose corresponding graph neural network solutions for the detection of abnormal transaction behavior, darknet traffic anomaly detection, and network intrusion anomaly detection, and also improve the relevant methods to enhance model detection performance. Extensive experiments on the relevant datasets show that the graph neural network anomaly detection solution is more resistant to noise interference while improving model detection performance, which makes it more relevant in a complex and changing network environment. |
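The static attention problem named in contribution (3), shown as an added example that is not code from the paper: in GAT the LeakyReLU is applied after the attention vector, so every query node ranks its neighbours identically, while GATv2 applies it before and can rank per query. The two node features, all weights and the function names are constructed for illustration.

```python
from itertools import product

def leaky_relu(x, slope=0.2):
    return x if x > 0 else slope * x

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def matvec(W, x):
    return [dot(row, x) for row in W]

def gat_score(W, a, h_i, h_j):
    """GAT: LeakyReLU(a^T [W h_i || W h_j]); the nonlinearity comes last."""
    return leaky_relu(dot(a, matvec(W, h_i) + matvec(W, h_j)))

def gatv2_score(W, a, h_i, h_j):
    """GATv2: a^T LeakyReLU(W [h_i || h_j]); the nonlinearity comes before a."""
    return dot(a, [leaky_relu(z) for z in matvec(W, h_i + h_j)])

# Constructed 2-d features for two node types (e.g. two kinds of flow endpoint).
NODES = {"A": [1.0, 0.0], "B": [0.0, 1.0]}

# Constructed weights, chosen by hand rather than learned.
GAT_W = [[1.0, 0.0], [0.0, 1.0]]
GAT_A = [1.0, -1.0, 1.0, -1.0]
GATV2_W = [[1.0, -1.0, 1.0, -1.0], [-1.0, 1.0, -1.0, 1.0]]
GATV2_A = [1.0, 1.0]

def preferred_neighbours(score_fn, W, a):
    """For each query node, the key node that receives the highest score."""
    return {
        q: max(NODES, key=lambda k: score_fn(W, a, NODES[q], NODES[k]))
        for q in NODES
    }

def gat_static_on_grid():
    """True if no attention vector in a small grid gives GAT a per-query ranking."""
    for a in product([-1.0, 0.0, 1.0], repeat=4):
        prefs = preferred_neighbours(gat_score, GAT_W, list(a))
        if len(set(prefs.values())) != 1:
            return False
    return True

if __name__ == "__main__":
    print("GAT  :", preferred_neighbours(gat_score, GAT_W, GAT_A))
    print("GATv2:", preferred_neighbours(gatv2_score, GATV2_W, GATV2_A))
    print("GAT static for every grid weight:", gat_static_on_grid())
```

Because LeakyReLU is strictly increasing, the GAT ranking over keys depends only on the key's own term, which is why the grid search finds no query-dependent choice.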