Marrying Graph Kernel with Deep Neural Network: A Case Study for Network Anomaly Detection

Published in ICCS Springer, 2019

Recommended citation: Yepeng Yao, Liya Su, Chen Zhang, Zhigang Lu, Baoxu Liu. Marrying Graph Kernel with Deep Neural Network: A Case Study for Network Anomaly Detection[C]//2019 International Conference on Computational Science. Springer, Cham, 2019: 102-115. https://link.springer.com/chapter/10.1007/978-3-030-22741-8_8

Abstract

Network anomaly detection has caused widespread concern among researchers and the industry. Existing work mainly focuses on applying machine learning techniques to detect network anomalies. The ability to exploit the potential relationships of communication patterns in network traffic has been the focus of many existing studies. Graph kernels provide a powerful means for representing complex interactions between entities, while deep neural networks break new ground because the data representation in the hidden layer is formed by specific tasks and is thus customized for network anomaly detection. However, deep neural networks cannot learn communication patterns among network traffic directly. At the same time, deep neural networks require a large amount of training data and are computationally expensive, especially when considering the entire network flows. For these reasons, we employ a novel method, AnoNG, to marry graph kernels to deep neural networks, which exploits the relationship expressiveness among network flows, combines the ability of neural networks to mine hidden layers, and enhances the learning effectiveness when a limited number of training examples are available. We evaluate the proposed method on two real-world datasets which contain low-intensity network attacks, and experimental results reveal that our model achieves significant improvements in accuracy over existing network anomaly detection tasks.