Always be Pre-Training: Representation Learning for Network Intrusion Detection with GNNs

Zhengyao Gu, Diego Troy Lopez, Lilas Alrahis, Ozgur Sinanoglu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Graph neural network-based network intrusion detection systems have recently demonstrated state-of-the-art performance on benchmark datasets. Nevertheless, these methods suffer from a reliance on target encoding for data pre-processing, limiting widespread adoption due to the associated need for annotated labels - a cost-prohibitive requirement. In this work, we propose a solution involving in-context pre-training and the utilization of dense representations for categorical features to jointly overcome the label-dependency limitation. Our approach exhibits remarkable data efficiency, achieving over 98% of the performance of the supervised state-of-the-art with less than 4% labeled data on the NF-UQ-NIDS-V2 dataset.

Original languageEnglish (US)
Title of host publicationProceedings of the 25th International Symposium on Quality Electronic Design, ISQED 2024
PublisherIEEE Computer Society
ISBN (Electronic)9798350309270
DOIs
StatePublished - 2024
Event25th International Symposium on Quality Electronic Design, ISQED 2024 - Hybrid, San Francisco, United States
Duration: Apr 3 2024Apr 5 2024

Publication series

NameProceedings - International Symposium on Quality Electronic Design, ISQED
ISSN (Print)1948-3287
ISSN (Electronic)1948-3295

Conference

Conference25th International Symposium on Quality Electronic Design, ISQED 2024
Country/TerritoryUnited States
CityHybrid, San Francisco
Period4/3/244/5/24

Keywords

  • few-shot learning
  • graph neural network
  • Intrusion detection
  • machine learning
  • NIDS
  • self-supervised learning

ASJC Scopus subject areas

  • Hardware and Architecture
  • Electrical and Electronic Engineering
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Always be Pre-Training: Representation Learning for Network Intrusion Detection with GNNs'. Together they form a unique fingerprint.

Cite this