AnoGLA: An efficient scheme to improve network anomaly detection

Abstract

With increasingly cyber-attacks and intrusion techniques, the threat of network security has become more and more serious. However, existing solutions are no longer sufficient in terms of accuracy as attacks continue to grow in quantity and complexity. Prior methods mainly focused on the application of deep learning techniques to analyze data changes in traffic flow. The cunning Cyber-attacks cannot be detected because some advanced attack techniques can conceal attacks and make them might seem innocuous in statistics. At the same time, traditional models only concentrate on the statistics of traffic sent by individual hosts, so the potential relationships of communication patterns in network traffic might be ignored. It makes these solutions are not competent for dealing with the various uncertainty in network traffic. In this paper, we propose an efficient anomaly detection approach, called AnoGLA, which considering the complex communication patterns between network structure and node properties. To mine the hidden relationship between network traffic, we built graph structured data in network traffic and exploits graph convolution network (GCN) for modeling. And we also combine long short-term memory network (LSTM) with Attention mechanism to extract the change information of the graph at different times. The effectiveness and robustness of proposed method are evaluated on two real-world datasets. The experiment results indicate that our scheme can effectively detect anomaly flow and outperforms the previous ones in network anomaly detection tasks.