Deakin University

File(s) under permanent embargo

Exploiting Redundancy in Network Flow Information for Efficient Security Attack Detection

chapter
posted on 2023-02-08, 04:53 authored by S Xia, Sutharshan Rajasegarar, C Leckie, SM Erfani, J Chan
Securing communication networks has become increasingly important due to the growth in cybersecurity attacks, such as ransomware and denial of service attacks. In order to better observe, detect and track attacks in large networks, accurate and efficient anomaly detection algorithms are needed. In this paper, we address how the redundancy of the normal and attack traffic information available from network flow data can be exploited to develop a computationally efficient method for security attack detection. In this work, several sampling strategies are integrated with two graph neural network frameworks that have been employed to detect network attacks with reduced computational overhead, while achieving high detection accuracy. Using network flow data from several types of networks, such as Internet of Things data, the trade-off between model accuracy and computational efficiency for different attacks has been evaluated.

History

Volume

13787 LNCS

Pagination

105-119

ISSN

0302-9743

eISSN

1611-3349

ISBN-13

9783031230196

Publisher

Springer Nature Switzerland

Title of book

Network and System Security
