Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Integrating Graph Neural Networks with Scattering Transform for Anomaly Detection

Abdeljalil Zoubir, Badr Missaoui

TL;DR

The paper tackles the challenge of robust anomaly detection in Network Intrusion Detection Systems by introducing two self-supervised, graph-based approaches. STEG combines the Scattering Transform with E-GraphSAGE to produce multi-scale, edge-centric embeddings, while a Node2Vec initialization strategy enriches node representations within the E-GraphSAGE framework. Evaluations on benchmark NetFlow datasets NF-UNSW-NB15-v2 and NF-CSE-CIC-IDS2018-v2 show STEG and Node2Vec-EGS variants outperforming state-of-the-art baselines (including Anomal-E) under both clean and contaminated conditions, with strong macro F1 scores and high accuracy. The results demonstrate practical impact by enhancing anomaly detection through edge-feature analysis and topology-aware node initialization, suggesting greater robustness to evolving network threats in real-world deployments.

Abstract

In this paper, we present two novel methods in Network Intrusion Detection Systems (NIDS) using Graph Neural Networks (GNNs). The first approach, Scattering Transform with E-GraphSAGE (STEG), utilizes the scattering transform to conduct multi-resolution analysis of edge feature vectors. This provides a detailed representation that is essential for identifying subtle anomalies in network traffic. The second approach improves node representation by initiating with Node2Vec, diverging from standard methods of using uniform values, thereby capturing a more accurate and holistic network picture. Our methods have shown significant improvements in performance compared to existing state-of-the-art methods in benchmark NIDS datasets.

Integrating Graph Neural Networks with Scattering Transform for Anomaly Detection

TL;DR

The paper tackles the challenge of robust anomaly detection in Network Intrusion Detection Systems by introducing two self-supervised, graph-based approaches. STEG combines the Scattering Transform with E-GraphSAGE to produce multi-scale, edge-centric embeddings, while a Node2Vec initialization strategy enriches node representations within the E-GraphSAGE framework. Evaluations on benchmark NetFlow datasets NF-UNSW-NB15-v2 and NF-CSE-CIC-IDS2018-v2 show STEG and Node2Vec-EGS variants outperforming state-of-the-art baselines (including Anomal-E) under both clean and contaminated conditions, with strong macro F1 scores and high accuracy. The results demonstrate practical impact by enhancing anomaly detection through edge-feature analysis and topology-aware node initialization, suggesting greater robustness to evolving network threats in real-world deployments.

Abstract

In this paper, we present two novel methods in Network Intrusion Detection Systems (NIDS) using Graph Neural Networks (GNNs). The first approach, Scattering Transform with E-GraphSAGE (STEG), utilizes the scattering transform to conduct multi-resolution analysis of edge feature vectors. This provides a detailed representation that is essential for identifying subtle anomalies in network traffic. The second approach improves node representation by initiating with Node2Vec, diverging from standard methods of using uniform values, thereby capturing a more accurate and holistic network picture. Our methods have shown significant improvements in performance compared to existing state-of-the-art methods in benchmark NIDS datasets.
Paper Structure (28 sections, 10 equations, 9 figures, 10 tables, 1 algorithm)

This paper contains 28 sections, 10 equations, 9 figures, 10 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Work
  3. Background
  4. Graph Neural Networks
  5. GraphSAGE
  6. Node Embedding process
  7. Enhanced E-GraphSAGE
  8. Methodology
  9. Scattering Transform with E-GraphSAGE (STEG)
  10. Scattering Transform
  11. STEG
  12. Node2Vec initialization with E-GraphSAGE
  13. Data Preparation and Network Graph Building
  14. Anomaly Detection Training Approach
  15. Implementing and Refining Anomaly Detection Algorithms
  16. ...and 13 more sections

Figures (9)

  • Figure 1: Illustration of a Basic Graph (left) juxtaposed with its GraphSAGE Representation using Two-Level Convolutions (right) encompassing Complete Neighborhood Sampling.
  • Figure 2: Multiscale Wavelet Decomposition Structure Analyzing Hierarchical Transformations and Convolution Operations on Signal X
  • Figure 3: Multi-Order Scattering Transform Enhanced Graph-based Anomaly Detection: The procedure begins by converting raw IP-based network data into a graph representation. These enhanced embeddings are rigorously trained and tested using the Scattering Transform coupled with the E-GraphSAGE (STEG) method. Following training, the revised embeddings are directed into unsupervised machine learning approaches to classify network activity as ’Attack’ or ’Normal’.
  • Figure 4: Visual Aptitude: Using Scattering Transforms to Show Multi-Layered Insights
  • Figure 5: From Graph Topology to Vector Embeddings: The Node2Vec Transformation Process
  • ...and 4 more figures