Practical Evaluation of Graph Neural Networks in Network Intrusion Detection / Venturi, A.; Pellegrini, D.; Andreolini, M.; Ferretti, L.; Marchetti, M.; Colajanni, M. - 3488:(2023). (Paper presented at the 2023 Italian Conference on Cyber Security, ITASEC 2023, held in ita in 2023).
Practical Evaluation of Graph Neural Networks in Network Intrusion Detection
Venturi A.; Andreolini M.; Ferretti L.; Marchetti M.; Colajanni M.
2023
Abstract
The most recent proposals of Machine and Deep Learning algorithms for Network Intrusion Detection Systems (NIDS) leverage Graph Neural Networks (GNN). These techniques create a graph representation of network traffic and analyze both network topology and netflow features to produce more accurate predictions. Although prior research shows promising results, they are biased by evaluation methodologies that are incompatible with real-world online intrusion detection. We are the first to identify these issues and to evaluate the performance of a state-of-the-art GNN-NIDS under real-world constraints. The experiments demonstrate that the literature overestimates the detection performance of GNN-based NIDS. Our results analyze and discuss the trade-off between detection delay and detection performance for different types of attacks, thus paving the way for the practical deployment of GNN-based NIDS.

File | Size | Format |
---|---|---|
paper29.pdf (Open access; Type: VOR - Version published by the publisher) | 1.23 MB | Adobe PDF |
The metadata in IRIS UNIMORE are released under the Creative Commons CC0 1.0 Universal license, while the publication files are released under the Attribution 4.0 International (CC BY 4.0) license, unless otherwise indicated.