GNN-based Anomaly Traffic Detection using Continuous Graph Considering Functional Transitions of Flow Data

Abstract

As more and more IoT devices are connected to the network, countermeasures against cyber-attacks against IoT devices have become an important issue. Recently, Graph Neural Network (GNN)-based methods have been proposed to detect malware-infected IoT devices. Compared to conventional methods that use only statistical information, GNN-based methods can take into account various communication relationships, such as communication paths, communication order, and functional coherence. On the other hand, most of the previous studies are based on static graphs over a specific period of time and fail to take into account changes in communication over time. In reality, most communication data changes with time, and a method that can handle dynamically changing communication is required. We propose a new anomaly detection method for dynamic graphs that represent the order and functional coherence of communications. By using a dynamic graph called Continuous Graph, we can handle a large amount of communication data with a low computational cost. Experiments were conducted on public datasets to evaluate the accuracy of the proposed method, and its effectiveness was confirmed.