ARGANIDS: A novel Network Intrusion Detection System based on adversarially Regularized Graph Autoencoder

Machine Learning (ML) algorithms are largely adopted in modern Network Intrusion Detection Systems (NIDS). The most recent researches propose the use of Graph Neural Networks (GNN) to improve the detection performance. Instead of analyzing each network flow independently, these novel algorithms operate over a graph representation of the data that can take into account the network topology. This paper presents a novel NIDS based on the Adversarially Regularized Graph Autoencoder (ARGA) algorithm. Unlike existing proposals, ARGA offers several advantages as it encodes both the topological information of the graph and the node features in a compact latent representation through an un-supervised autoencoder. Moreover, it derives robust embedding through an additional regularization phase based on adversarial training. We consider also two ARGA variants, namely ARVGA for variational autoencoder and ARVGA-AX for content information reconstruction. A large experimental campaign using two public datasets demonstrates that our proposals are able to outperform other state-of-the-art GNN-based algorithms that already provide good results for network intrusion detection.