STDeepGraph: Spatial-Temporal Deep Learning on Communication Graphs for Long-Term Network Attack Detection

Title: STDeepGraph: Spatial-Temporal Deep Learning on Communication Graphs for Long-Term Network Attack Detection
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Yao, Yepeng; Su, Liya; Lu, Zhigang; Liu, Baoxu
Conference Name: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Keywords: Attack Graphs, CNN, composability, computer network security, convolutional neural nets, convolutional neural network, Deep Learning, dimensionality reduction, feature extraction, graph characterization vectors, Graph Kernel, graph kernel matrices, graph Laplacian matrix, graph signal processing, graph similarity measures, graph structures, graph theory, high-dimensional intrinsic representation, high-dimensional representations, hybrid deep learning models, hybrid deep neural network design, IP networks, Kernel, kernel-based similarity embedding vector, Laplace equations, learning (artificial intelligence), Long short-term memory, long-term information learning, long-term network attack detection, LSTM, matrix algebra, Matrix converters, network communication data, network flows, network traffic, pattern classification, Predictive Metrics, pubcrawl, real-world network attack datasets, Resiliency, Signal processing, spatial-temporal deep learning, spatiotemporal deep learning, structural similarity information, supervised classification task, telecommunication traffic, temporal communication graph, traffic analysis methods
Abstract: Network communication data are high-dimensional and spatiotemporal, and their information content is often degraded by common traffic analysis methods. For long-term network attack detection based on network flows, it is important to extract a discriminative, high-dimensional intrinsic representation of such flows. This work focuses on a hybrid deep neural network design using a combination of a convolutional neural network (CNN) and long short-term memory (LSTM) with graph similarity measures to learn high-dimensional representations from the network traffic. In particular, examining a set of network flows, we commence by constructing a temporal communication graph and then computing graph kernel matrices. Having obtained the kernel matrices, for each graph, we use the kernel value between graphs and calculate graph characterization vectors by graph signal processing. This vector can be regarded as a kernel-based similarity embedding vector of the graph that integrates structural similarity information and leverages efficient graph kernel using the graph Laplacian matrix. Our approach exploits graph structures as the additional prior information, the graph Laplacian matrix for feature extraction and hybrid deep learning models for long-term information learning on communication graphs. Experiments on two real-world network attack datasets show that our approach can extract more discriminative representations, leading to an improved accuracy in a supervised classification task. The experimental results show that our method increases the overall accuracy by approximately 10%-15%.
DOI: 10.1109/TrustCom/BigDataSE.2019.00025
Citation Key: yao_stdeepgraph_2019