Network Anomaly Detection Integrating Dynamic Graph Embedding and Transformer Autoencoder

Network anomaly detection aims to promptly identify and respond to malicious activities and potential threats within networks. Most existing graph-embedding-based methods are designed for static graphs and neglect fine-grained temporal information, thus failing to capture the continuity of dynamic n...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Ji suan ji gong cheng Jg. 51; H. 4; S. 47 - 56
1. Verfasser: ZHANG Anqin, DING Zhifeng
Format: Journal Article
Sprache:Chinesisch
Englisch
Veröffentlicht: Editorial Office of Computer Engineering 15.04.2025
Schlagworte:
dynamic graph embedding|transformer autoencoder|network anomaly detection|malicious behavior|long and short-term time-dependence
ISSN:1000-3428
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Network anomaly detection aims to promptly identify and respond to malicious activities and potential threats within networks. Most existing graph-embedding-based methods are designed for static graphs and neglect fine-grained temporal information, thus failing to capture the continuity of dynamic network behaviors and diminishing the effectiveness of network anomaly detection. To enhance the efficiency and accuracy of dynamic network anomaly detection, this study proposes a novel method integrating dynamic graph embedding and Transformer autoencoders. This method leverages temporal-walk-based graph embedding to capture the topological structure and detailed temporal information of the network. It incorporates a Transformer autoencoder with contrastive loss to optimize node embeddings and effectively capture long-term dependencies and global information. This integration enhances the model's ability to perceive dynamic networks, facilitating better detection of time-evolving events and the identification of malicious behaviors. The effectiveness of this method is validated through extensive experiments conducted on two publicly available datasets in network security. Its superior performance on the LANL-2015 dataset is indicated with a True Positive Rate (TPR) of 94.3%, False Positive Rate (FPR) of 5.7%, and an Area Under the Curve (AUC) of 98.3%. Further, on the OpTC dataset, the method achieves a TPR of 99.9%, a FPR of 0.01%, and an AUC of 99.9%. These results demonstrate that the proposed method effectively learns the topology and temporal dependencies of dynamic networks, thereby accurately identifying network anomalies.
ISSN:1000-3428
DOI:10.19678/j.issn.1000-3428.0070231