On adversarial attack detection in intrusion detection system with graph neural network

To date, machine learning models have been widely applied to intrusion detection system (IDS) for improving detection accuracy, where most IDS suffer from adversarial evasion attacks that may lead to data loss and user privacy leakage. Although there have been numerous solutions proposed against adversarial evasion attacks, they often neglect the relationships between different traffic and heavily relied on data labels. Therefore, this paper proposes AEDGNN, a new approach for detecting adversarial evasion attacks using graph neural network (GNN) model. On one hand, AEDGNN employs E-GraphSAGE to capture network topology in IDS for building the relationship between different inputs. On the other hand, AEDGNN utilizes deep graph infomax (DGI) to train the GNN in a self-supervised manner for maximizing mutual information between local and global representations. In addition, to clarify the practical performance of defending against traditional adversarial attacks, we implement AEDGNN and classic machine learning models based on CIC-IDS2018 benchmark dataset. The experimental results show that AEDGNN achieves significant improvements on both normal and adversarial samples compared to classic solutions. The accuracy of AEDGNN is 0.02%–1.53% higher than that of classic solutions for normal samples, and 26.04%–59.04% higher for adversarial samples.