中圖分類號： TP309
文獻標識碼： A
DOI： 10.19358/j.issn.2096-5133.2021.12.001
引用格式： 胡啟宬，何樹果，朱震. 基于圖神經網絡進程行為嵌入表示的入侵檢測[J].信息技術與網絡安全，2021，40(12)：1-7.

Intrusion detection with Graph Neural Network-based process behavior embedding

Abstract： Intrusion detection is important in ensuring the security of cyberspace. With the evolution of intrusion techniques, intrusion detection system of new generation is in need of an integration of artificial intelligence technology. In this paper, a method of intrusion detection with Graph Neural Network-based process behavior embedding is introduced. This method converts event log of computer systems into the system log object connection graph, and uses framework of Graph Neural Network to embed the vertices of the graph, so as to obtain the vector representation of the process behavior; on this basis, it establishes a multi-stage transition model that describes the overall process behavior baseline for the system, and uses the degree of deviation from this baseline as the basis for intrusion behavior detection. With verification of multiple attack scenarios, the method can detect intrusions effectively.

Key words : intrusion detection；Graph Neural Network；graph representation learning；anomaly detection