Few Edges Are Enough: Few-Shot Network Attack Detection with Graph Neural Networks
Tristan Bilot, Nour El Madhoun, Khaldoun Al Agha, Anis Zouaoui
TL;DR
This paper presents FEAE, a GNN-based attack detection system that uses few-shot and self-supervised learning to effectively identify cyberattacks with minimal labeled data, outperforming many existing methods.
Contribution
Introduction of FEAE, a novel GNN architecture combining SSL and FSL for effective attack detection with very limited labeled attack examples.
Findings
FEAE achieves competitive results with only 1 attack example per type.
FEAE outperforms self-supervised GNN baselines.
FEAE surpasses some supervised methods on one dataset.
Abstract
Detecting cyberattacks using Graph Neural Networks (GNNs) has seen promising results recently. Most of the state-of-the-art models that leverage these techniques require labeled examples, hard to obtain in many real-world scenarios. To address this issue, unsupervised learning and Self-Supervised Learning (SSL) have emerged as interesting approaches to reduce the dependency on labeled data. Nonetheless, these methods tend to yield more anomalous detection algorithms rather than effective attack detection systems. This paper introduces Few Edges Are Enough (FEAE), a GNN-based architecture trained with SSL and Few-Shot Learning (FSL) to better distinguish between false positive anomalies and actual attacks. To maximize the potential of few-shot examples, our model employs a hybrid self-supervised objective that combines the advantages of contrastive-based and reconstruction-based SSL. By…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.