Network Anomaly Detection Using a Graph Neural Network

Contrary to the many traditional network security approaches that focus on volume-based threats, the Activity and Event Network (AEN) is a new approach built on a graph model, which addresses both volumetric attacks and long-term threats that traditional security tools cannot deal with. The AEN graph structural foundation can serve as a basis to construct a graph to be used in Graph Neural Network (GNN) for anomaly and threat detection purposes. In this paper, an AEN-based supervised Graph Convolutional Network (GCN) model is proposed, then evaluated using two labelled datasets, namely, the distributed denial of service (DDoS) and the TOR-nonTOR datasets, yielding an accuracy score of 76% with the DDoS dataset and 88% with the TOR-nonTOR dataset, respectively.