IEEE Access (Jan 2024)
Graph Learning Framework for Data Link Anomaly Detection
Abstract
The anomaly detection in data links aims to identify the state of the link during data transmission, which is a critical task for ensuring information transmission security. Most anomaly detection methods focus solely on individual link characteristics, disregarding the inter-link structural information, thus hindering effective generalization to graph-structured data. In this study, we introduce a Graph Learning-based Data Link Anomaly Detection model (GLDAE) that considers both the link features and the communication network structure. Specifically, GLDAE comprises a graph enhancement module, a link feature autoencoder, a structure autoencoder, and a discriminator, enabling simultaneous learning of edge features and the latent representation of the graph structure. Moreover, to enhance the model’s generalization capability, we employ contrastive learning between the original graph and its enhanced version. Additionally, to achieve joint learning of edge features and graph structure, we integrate edge feature embeddings and structure embeddings as inputs to the decoder. Finally, utilizing the well-trained encoder to encode link features and derive a new feature representation, we feed it into an MLP classifier to determine the link’s status. Experimental evaluations were conducted on four authentic datasets (NF-UNSW-NB15, NF-UNSW-NB15-v2, NF-ToN-IoT, NF-ToN-IoT-v2), comparing our model against state-of-the-art baseline models, showcasing the substantial potential of our approach.
Keywords