ResACAG: A graph neural network based intrusion detection

With the continuous growth of network throughput, the field of network security is facing increasingly severe challenges. To address this challenge, this paper proposes a network intrusion detection system based on Graph Neural Network (GNN): Residual Adaptive Context- Aware Graph (ResACAG). GNN, as an emerging branch in the field of deep learning, has shown powerful performance in processing graph-structured data. Although the application of GNN in network intrusion detection is still in its early stages, existing research results have demonstrated its promising prospects. The proposed method adopts an improved self- attention mechanism to capture key information of neighboring edges' features in the network intrusion graph and perform multi-scale adaptive fusion with graph topology features. It introduces a context broadcasting mechanism to achieve global interaction and increase model capacity. Residual connections are additionally added to enhance the network's expressive power. Moreover, adaptive sampling of neighboring edges is proposed, significantly improving the model's generalization ability. The experimental results on two public datasets and one private dataset validate the excellent performance of our method, showcasing not only the significant potential of GNN in the field of network intrusion detection but also providing insights for future research.