
Efficient intrusion detection via heterogeneous graph attention networks and parallel provenance analysis

Lin Wu, Yu-Lai Xie, Shi-Xun Zhao, Pan Zhou, Dan Feng, Avani Wildani, Ya-Yeng Wu
Computer Networks, Volume 270, 111552, ISSN 1389-1286

Abstract

In this paper, we propose IDS-HGAT, a novel intrusion detection system based on a heterogeneous graph attention network. The system can reduce the number of nodes by preprocessing while retaining the graph structure information. IDS-HGAT can consider the semantic information of different types of nodes and edges and the structure information of the provenance graph, and effectively aggregate the semantic information to build a classification model without constructing a rule base. In order to improve the detection efficiency, IDS-HGAT employs the Stream data type in Redis to build a message queue to support parallel storage and acquisition of provenance data. The experimental results show that IDS-HGAT is better than the existing state-of-the-art methods in terms of precision rate, false alarm rate, and time cost.