Jing Han and Kenan Qin
Jing Han
School of Computer Science, Shaanxi Normal University, Xi'an, Shaanxi, 710062, China
With the frequent occurrence of network security incidents in recent years, it has become very important to detect anomalous behaviour in networks as early and accurately as possible. Anomaly detection can improve the security of complex network systems by detecting abnormal and unreliable nodes, and thus it has become a hot research direction that has attracted wide attention. At present, abstracting real complex systems into complex networks for anomaly detection is the mainstream research method. However, the existing methods still have challenges in extracting network heterogeneity information and attribute information, so we propose a multi-view based anomaly detection method for heterogeneous attributed networks, MVAD HAN. This method can better extract the heterogeneous structural information and rich attribute information of the network to model heterogeneous attributed networks. Our method adopts an encoder-decoder architecture. First, in the encoder part, we use the Heterogeneous Graph Transformer with multiple views to learn node embeddings that fuse the heterogeneous information of the network. In the decoder part, we use an inner product decoder to reconstruct the network topology, a multilayer perceptron-based decoder to better reconstruct the network attribute information, and a linear projection to reconstruct the node type information of the network. Finally, we compute an anomaly score for each node using three reconstruction errors: network structure, attributes and node type. The higher the reconstruction error of a node, the higher the anomaly score and the higher the probability of an anomaly. Finally, anomalous nodes are identified by ranking the anomaly scores and setting a threshold. We validate the effectiveness of the proposed method on four real-world datasets. The experimental results show that this method outperforms several of the baseline methods and has a good performance in anomaly detection.
Heterogeneous Attributed Networks, Anomaly Detection, Multi-View, Network Feature Extraction, Encoder-Decoder
Jing Han and Kenan Qin (2023). MVAD HAN: A Multi-View Based Anomaly Detection Method for Heterogeneous Attributed Networks. Journal of Networking and Network Applications, Volume 3, Issue 4, pp. 162–170. https://doi.org/10.33969/J-NaNA.2023.030403.
[1] S. Ngadiron, A. Abd Aziz, and S. S. Mohamed, “The spread of covid-19 fake news on social media and its impact among malaysians,” MULTI-DISCIPLINARY APPROACHES IN SOCIAL SCIENCES, ISLAMIC & TECHNOLOGY (ICMASIT 2020), vol. 13, p. 222, 2020.
[2] A. Talwar, A. Chaudhary, and A. Kumar, “Encryption policies of social media apps and its effect on user’s privacy,” in 2022 10th Interna-tional Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions)(ICRITO), pp. 1–4, IEEE, 2022.
[3] H. Xiao, H. Wei, Q. Liao, Q. Ye, C. Cao, and Y. Zhong, “Exploring the gamification of cybersecurity education in higher education institutions: An analytical study,” in SHS Web of Conferences, vol. 166, p. 01036, EDP Sciences, 2023.
[4] S. Hussain, M. Musa, T. Neeshat, R. Batool, O. Ahmed, F. Zaffar,
A. Gehani, A. Poggio, and M. K. Yadav, “Towards reproducible ran-somware analysis,” in Proceedings of the 16th Cyber Security Experi-mentation and Test Workshop, pp. 1–9, 2023.
[5] B. Lindemann, B. Maschler, N. Sahlab, and M. Weyrich, “A survey on anomaly detection for technical systems using lstm networks,” Computers in Industry, vol. 131, p. 103498, 2021.
[6] J. Su, Y. Dong, M. Yan, J. Qian, and Y. Xin, “Research progress of anomaly detection for complex networks,” Control Decis, vol. 36, pp. 1293–1310, 2021.
[7] L. Akoglu, H. Tong, and D. Koutra, “Graph based anomaly detection and description: a survey,” Data mining and knowledge discovery, vol. 29, pp. 626–688, 2015.
[8] C. Shi, R. Wang, and W. X, “Survey on heterogeneous information networks analysis and applications,” Journal of Software, vol. 33, no. 2, pp. 598–621, 2021.
[9] Z. Li, X. Jin, C. Zhuang, and Z. Sun, “Overview on graph based anomaly detection,” Journal of Software, vol. 32, no. 1, pp. 167–193, 2020.
[10] J. Wang and I. C. Paschalidis, “Botnet detection based on anomaly and community detection,” IEEE Transactions on Control of Network Systems, vol. 4, no. 2, pp. 392–404, 2016.
[11] Y. Luo, Y. Xiao, L. Cheng, G. Peng, and D. Yao, “Deep learning-based anomaly detection in cyber-physical systems: Progress and opportuni-ties,” ACM Computing Surveys (CSUR), vol. 54, no. 5, pp. 1–36, 2021.
[12] M. M. Breunig, H.-P. Kriegel, R. T. Ng, and J. Sander, “Lof: identifying density-based local outliers,” in Proceedings of the 2000 ACM SIGMOD international conference on Management of data, pp. 93–104, 2000.
[13] J. Gao, F. Liang, W. Fan, C. Wang, Y. Sun, and J. Han, “On com-munity outliers and their efficient detection in information networks,” in Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 813–822, 2010.
[14] B. Perozzi, L. Akoglu, P. Iglesias S´anchez, and E. M¨uller, “Focused clustering and outlier detection in large attributed graphs,” in Proceed-ings of the 20th ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 1346–1355, 2014.
[15] Z. Peng, M. Luo, J. Li, H. Liu, Q. Zheng, et al., “Anomalous: A joint modeling approach for anomaly detection on attributed networks.,” in IJCAI, pp. 3513–3519, 2018.
[16] J. Li, H. Dani, X. Hu, and H. Liu, “Radar: Residual analysis for anomaly detection in attributed networks.,” in IJCAI, vol. 17, pp. 2152–2158, 2017.
[17] K. Ding, J. Li, R. Bhanushali, and H. Liu, “Deep anomaly detection on attributed networks,” in Proceedings of the 2019 SIAM International Conference on Data Mining, pp. 594–602, SIAM, 2019.
[18] Z. You, X. Gan, L. Fu, and Z. Wang, “Gatae: Graph attention-based anomaly detection on attributed networks,” in 2020 IEEE/CIC Interna-tional Conference on Communications in China (ICCC), pp. 389–394, IEEE, 2020.
[19] D. Sun, Z. Wu, Y. Wang, Q. Lv, and B. Hu, “Cyber profiles based risk prediction of application systems for effective access control,” in 2019 IEEE Symposium on Computers and Communications (ISCC), pp. 1–7, IEEE, 2019.
[20] Y. Liu, A. Sarabi, J. Zhang, P. Naghizadeh, M. Karir, M. Bailey, and
M. Liu, “Cloudy with a chance of breach: Forecasting cyber security incidents,” in 24th USENIX Security Symposium (USENIX Security 15), pp. 1009–1024, 2015.
[21] A. Sarabi, P. Naghizadeh, Y. Liu, and M. Liu, “Risky business: Fine-grained data breach prediction using business profiles,” Journal of Cybersecurity, vol. 2, no. 1, pp. 15–28, 2016.
[22] Z. Fang, M. Xu, S. Xu, and T. Hu, “A framework for predicting data breach risk: Leveraging dependence to cope with sparsity,” IEEE Transactions on Information Forensics and Security, vol. 16, pp. 2186–2201, 2021.
[23] J. Zhao, X. Liu, Q. Yan, B. Li, M. Shao, H. Peng, and L. Sun, “Automat-ically predicting cyber attack preference with attributed heterogeneous attention networks and transductive learning,” computers & security, vol. 102, p. 102152, 2021.
[24] Y. Gao, X. Li, H. Peng, B. Fang, and S. Y. Philip, “Hincti: A cyber threat intelligence modeling and identification system based on heterogeneous information network,” IEEE Transactions on Knowledge and Data Engineering, vol. 34, no. 2, pp. 708–722, 2020.
[25] J. Zhao, Q. Yan, X. Liu, B. Li, and G. Zuo, “Cyber threat intelligence modeling based on heterogeneous graph convolutional network,” in 23rd international symposium on research in attacks, intrusions and defenses (RAID 2020), pp. 241–256, 2020.
[26] X. Ma, L. Wang, Q. Lv, Y. Wang, Q. Zhang, and J. Jiang, “Cyevent2vec: Attributed heterogeneous information network based event embedding framework for cyber security events analysis,” in 2022 International Joint Conference on Neural Networks (IJCNN), pp. 01–08, IEEE, 2022.
[27] Y. Han, L. Qiao, J. Zheng, Z. Kan, L. Feng, Y. Gao, Y. Tang, Q. Zhai,
D. Li, and X. Liao, “Multi-view interaction learning for few-shot relation classification,” in Proceedings of the 30th ACM International Conference on Information & Knowledge Management, pp. 649–658, 2021.
[28] H. Su, S. Maji, E. Kalogerakis, and E. Learned-Miller, “Multi-view convolutional neural networks for 3d shape recognition,” in Proceedings of the IEEE international conference on computer vision, pp. 945–953, 2015.
[29] J. Mao, W. Xu, Y. Yang, J. Wang, Z. Huang, and A. Yuille, “Deep captioning with multimodal recurrent neural networks (m-rnn),” arXiv preprint arXiv:1412.6632, 2014.
[30] Y. Li, M. Yang, and Z. Zhang, “A survey of multi-view representa-tion learning,” IEEE transactions on knowledge and data engineering, vol. 31, no. 10, pp. 1863–1883, 2018.
[31] Z. Hu, Y. Dong, K. Wang, and Y. Sun, “Heterogeneous graph trans-former,” in Proceedings of the web conference 2020, pp. 2704–2710, 2020.
[32] S. Yang, B. Zhang, S. Feng, Z. Tan, Q. Zheng, J. Zhou, and M. Luo, “Ahead: A triple attention based heterogeneous graph anomaly detection approach,” in Chinese Intelligent Automation Conference, pp. 542–552, Springer, 2023.
[33] D. P. Kingma and J. Ba, “Adam: A method for stochastic optimization,” arXiv preprint arXiv:1412.6980, 2014.
[34] T. N. Kipf and M. Welling, “Variational graph auto-encoders,” arXiv preprint arXiv:1611.07308, 2016.
[35] S. Bandyopadhyay, L. N, S. V. Vivek, and M. N. Murty, “Outlier resistant unsupervised deep architectures for attributed network embedding,” in Proceedings of the 13th international conference on web search and data mining, pp. 25–33, 2020.
[36] Z. Peng, M. Luo, J. Li, L. Xue, and Q. Zheng, “A deep multi-view framework for anomaly detection on attributed networks,” IEEE Transactions on Knowledge and Data Engineering, vol. 34, no. 6, pp. 2539–2552, 2020.