Network Anomaly Detection Integrating Dynamic Graph Embedding and Transformer Autoencoder
Network anomaly detection aims to promptly identify and respond to malicious activities and potential threats within networks. Most existing graph-embedding-based methods are designed for static graphs and neglect fine-grained temporal information, thus failing to capture the continuity of dynamic n...
Saved in:
| Published in: | Ji suan ji gong cheng Vol. 51; no. 4; pp. 47 - 56 |
|---|---|
| Main Author: | |
| Format: | Journal Article |
| Language: | Chinese English |
| Published: |
Editorial Office of Computer Engineering
15.04.2025
|
| Subjects: | |
| ISSN: | 1000-3428 |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Abstract | Network anomaly detection aims to promptly identify and respond to malicious activities and potential threats within networks. Most existing graph-embedding-based methods are designed for static graphs and neglect fine-grained temporal information, thus failing to capture the continuity of dynamic network behaviors and diminishing the effectiveness of network anomaly detection. To enhance the efficiency and accuracy of dynamic network anomaly detection, this study proposes a novel method integrating dynamic graph embedding and Transformer autoencoders. This method leverages temporal-walk-based graph embedding to capture the topological structure and detailed temporal information of the network. It incorporates a Transformer autoencoder with contrastive loss to optimize node embeddings and effectively capture long-term dependencies and global information. This integration enhances the model's ability to perceive dynamic networks, facilitating better detection of time-evolving events and the identification of malicious behaviors. The effectiveness of this method is validated through extensive experiments conducted on two publicly available datasets in network security. Its superior performance on the LANL-2015 dataset is indicated with a True Positive Rate (TPR) of 94.3%, False Positive Rate (FPR) of 5.7%, and an Area Under the Curve (AUC) of 98.3%. Further, on the OpTC dataset, the method achieves a TPR of 99.9%, a FPR of 0.01%, and an AUC of 99.9%. These results demonstrate that the proposed method effectively learns the topology and temporal dependencies of dynamic networks, thereby accurately identifying network anomalies. |
|---|---|
| AbstractList | Network anomaly detection aims to promptly identify and respond to malicious activities and potential threats within networks. Most existing graph-embedding-based methods are designed for static graphs and neglect fine-grained temporal information, thus failing to capture the continuity of dynamic network behaviors and diminishing the effectiveness of network anomaly detection. To enhance the efficiency and accuracy of dynamic network anomaly detection, this study proposes a novel method integrating dynamic graph embedding and Transformer autoencoders. This method leverages temporal-walk-based graph embedding to capture the topological structure and detailed temporal information of the network. It incorporates a Transformer autoencoder with contrastive loss to optimize node embeddings and effectively capture long-term dependencies and global information. This integration enhances the model's ability to perceive dynamic networks, facilitating better detection of time-evolving events and the identification of malicious behaviors. The effectiveness of this method is validated through extensive experiments conducted on two publicly available datasets in network security. Its superior performance on the LANL-2015 dataset is indicated with a True Positive Rate (TPR) of 94.3%, False Positive Rate (FPR) of 5.7%, and an Area Under the Curve (AUC) of 98.3%. Further, on the OpTC dataset, the method achieves a TPR of 99.9%, a FPR of 0.01%, and an AUC of 99.9%. These results demonstrate that the proposed method effectively learns the topology and temporal dependencies of dynamic networks, thereby accurately identifying network anomalies. |
| Author | ZHANG Anqin, DING Zhifeng |
| Author_xml | – sequence: 1 fullname: ZHANG Anqin, DING Zhifeng organization: 1. School of Computer Science and Technology, Shanghai University of Electric Power, Shanghai 201306, China;2. Institute of Local Government Development, Shantou University, Shantou 515063, Guangdong, China |
| BookMark | eNo90M1OAjEUBeAuMBHQd6gPwNhpO21nSQCRhOgGF64md9pbHGRa0qkxvL34E1cn-ZJzFmdCRiEGJOSuZEVZK23uD0U3DKEoGWMzIbkpGNOMi3JExv92TSbDcGBMcs7YmLw-Yf6M6Z3OQ-zheKZLzGhzFwPdhIz7BLkLe7o8B-g7S9cJTm901bfo3LdDcHSXIAw-ph4TnX_kiMFGh-mGXHk4Dnj7l1Py8rDaLR5n2-f1ZjHfzlwpTJ5Zo1uE0hknvTEOpdNGKK6R-9ryiimjvdVe6rZWUEvumNLCWOW9tQJVJaZk87vrIhyaU-p6SOcmQtf8QEz7BlLu7BGbSx-Ur4SA2kprfGt8BUaq0l5eQqnFF3JxZKc |
| ContentType | Journal Article |
| DBID | DOA |
| DOI | 10.19678/j.issn.1000-3428.0070231 |
| DatabaseName | DOAJ Directory of Open Access Journals |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: DOA name: DOAJ Directory of Open Access Journals url: https://www.doaj.org/ sourceTypes: Open Website |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EndPage | 56 |
| ExternalDocumentID | oai_doaj_org_article_a94a6f533a9c4c8fb8f5a8461c023e47 |
| GroupedDBID | -0Y 5XA 5XJ 92H 92I ABJNI ACGFS ADMLS ALMA_UNASSIGNED_HOLDINGS CCEZO CUBFJ CW9 GROUPED_DOAJ TCJ TGT U1G U5S |
| ID | FETCH-LOGICAL-d138t-c87bea1d8d4f88de4d783627e2f9c250687fc7f47b96a942d06738c6ffcc3e653 |
| IEDL.DBID | DOA |
| ISSN | 1000-3428 |
| IngestDate | Mon Nov 03 22:01:13 EST 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 4 |
| Language | Chinese English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-d138t-c87bea1d8d4f88de4d783627e2f9c250687fc7f47b96a942d06738c6ffcc3e653 |
| OpenAccessLink | https://doaj.org/article/a94a6f533a9c4c8fb8f5a8461c023e47 |
| PageCount | 10 |
| ParticipantIDs | doaj_primary_oai_doaj_org_article_a94a6f533a9c4c8fb8f5a8461c023e47 |
| PublicationCentury | 2000 |
| PublicationDate | 2025-04-15 |
| PublicationDateYYYYMMDD | 2025-04-15 |
| PublicationDate_xml | – month: 04 year: 2025 text: 2025-04-15 day: 15 |
| PublicationDecade | 2020 |
| PublicationTitle | Ji suan ji gong cheng |
| PublicationYear | 2025 |
| Publisher | Editorial Office of Computer Engineering |
| Publisher_xml | – name: Editorial Office of Computer Engineering |
| SSID | ssj0042200 |
| Score | 2.2887144 |
| Snippet | Network anomaly detection aims to promptly identify and respond to malicious activities and potential threats within networks. Most existing... |
| SourceID | doaj |
| SourceType | Open Website |
| StartPage | 47 |
| SubjectTerms | dynamic graph embedding|transformer autoencoder|network anomaly detection|malicious behavior|long and short-term time-dependence |
| Title | Network Anomaly Detection Integrating Dynamic Graph Embedding and Transformer Autoencoder |
| URI | https://doaj.org/article/a94a6f533a9c4c8fb8f5a8461c023e47 |
| Volume | 51 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVAON databaseName: DOAJ Directory of Open Access Journals issn: 1000-3428 databaseCode: DOA dateStart: 20160101 customDbUrl: isFulltext: true dateEnd: 99991231 titleUrlDefault: https://www.doaj.org/ omitProxy: false ssIdentifier: ssj0042200 providerName: Directory of Open Access Journals |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrZ3PS8MwFMeDDBE9iD_xNxG81rVpmqTH6TYVZHiYMk8lfUlAcZ3UTvC_Nz86mScvXtsSynvk_YD3Pl-ELmxSiSFRWWQAIKIllJFIJYtSkVGl4hy4hz0_3fPRSEwm-cOS1JebCQt44GC4rsypZMYWJTIHCsKUwmTSJs0EbLbR1O-RxzxfNFMhBlNC4sAhiG2UsRX2Gjr3m3k2NHdf_fW6_Hnn6NmOgvaL2u_Ty3ALbbZ1Ie6F_9lGK7raQRtLtMBd9DwKI9vYtuxT-faF-7rxg1QVvmuhD_Y73A8a8_jGoajxYFpq5fITlpXC40WZqmvcmzczR7FUut5Dj8PB-Po2apURIpWkoolA8FLLRAlFjRBKU-WWMQjXxORgixomuAFuKC9zZg1IlJOjEcCM9UiqWZbuo041q_QBwgR0bA9zMpK2M3Ti4xmJmUqVA9uTDA7RlbNK8R7gF4XDUfsH1klF66TiLycd_cchx2idOPFdB1rMTlCnqef6FK3CZ_PyUZ95_38DTDCz6g |
| linkProvider | Directory of Open Access Journals |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Network+Anomaly+Detection+Integrating+Dynamic+Graph+Embedding+and+Transformer+Autoencoder&rft.jtitle=Ji+suan+ji+gong+cheng&rft.au=ZHANG+Anqin%2C+DING+Zhifeng&rft.date=2025-04-15&rft.pub=Editorial+Office+of+Computer+Engineering&rft.issn=1000-3428&rft.volume=51&rft.issue=4&rft.spage=47&rft.epage=56&rft_id=info:doi/10.19678%2Fj.issn.1000-3428.0070231&rft.externalDBID=DOA&rft.externalDocID=oai_doaj_org_article_a94a6f533a9c4c8fb8f5a8461c023e47 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1000-3428&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1000-3428&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1000-3428&client=summon |