A novel approach for detecting malicious hosts based on RE-GCN in intranet
Abstract Internal network attacks pose a serious security threat to enterprises and organizations, potentially leading to critical information leaks and network system damage. Hosts, as the core data and service bearers, are often primary targets of cyber attacks. Therefore, accurately identifying h...
Main Authors: | Haochen Xu, Xiaoyu Geng, Junrong Liu, Zhigang Lu, Bo Jiang, Yuling Liu |
---|---|
Format: | Article |
Language: | English |
Published: | SpringerOpen 2024-12-01 |
Series: | Cybersecurity |
Subjects: | Malicious host detection; Intranet; Graph neural network |
Online Access: | https://doi.org/10.1186/s42400-024-00242-8 |
author | Haochen Xu Xiaoyu Geng Junrong Liu Zhigang Lu Bo Jiang Yuling Liu |
---|---|
collection | DOAJ |
description | Abstract Internal network attacks pose a serious security threat to enterprises and organizations, potentially leading to critical information leaks and network system damage. Hosts, as the core data and service bearers, are often primary targets of cyber attacks. Therefore, accurately identifying hosts with malicious behavior in the network is crucial. However, detecting malicious hosts on this intranet presents several challenges. Firstly, the network state is unstructured data that dynamically changes in real-time. Secondly, the large amount of normal traffic in the network drowns out the traces generated by malicious behaviors, leading to the problem of category imbalance. Lastly, the traditional graph neural network model has limitations in processing edge information and is unable to directly learn the information in netflow. To overcome these challenges, this paper proposes a malicious host detection system. The system extracts the Host Communication Graph by time slicing and uses a random undersampling method to balance samples. For malicious host detection, this paper proposes the Relational-Edge Graph Convolutional Network (RE-GCN) model, which can directly aggregate and learn features on edges and use them to accurately classify nodes, compared to other GNN models. Comparative experiments were conducted on various netflow datasets, demonstrating the effectiveness of our approach. Our approach outperformed other common GNN models in detecting malicious hosts. |
format | Article |
id | doaj-art-1fb88477a2a5480594ec8ada15e6ad39 |
institution | Kabale University |
issn | 2523-3246 |
language | English |
publishDate | 2024-12-01 |
publisher | SpringerOpen |
record_format | Article |
series | Cybersecurity |
title | A novel approach for detecting malicious hosts based on RE-GCN in intranet |
topic | Malicious host detection Intranet Graph neural network |
url | https://doi.org/10.1186/s42400-024-00242-8 |