{"id":"https://openalex.org/W4400976116","doi":"https://doi.org/10.1145/3664476.3664515","title":"GNN-IDS: Graph Neural Network based Intrusion Detection System","display_name":"GNN-IDS: Graph Neural Network based Intrusion Detection System","publication_year":2024,"publication_date":"2024-07-25","ids":{"openalex":"https://openalex.org/W4400976116","doi":"https://doi.org/10.1145/3664476.3664515"},"language":"en","primary_location":{"id":"doi:10.1145/3664476.3664515","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3664476.3664515","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3664476.3664515","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102218123","display_name":"Zhuo Sun","orcid":"https://orcid.org/0009-0003-5026-5947"},"institutions":[{"id":"https://openalex.org/I123387679","display_name":"Uppsala University","ror":"https://ror.org/048a87296","country_code":"SE","type":"education","lineage":["https://openalex.org/I123387679"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Zhenlu Sun","raw_affiliation_strings":["Department of Information Technology, Uppsala University, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Information Technology, Uppsala University, Sweden","institution_ids":["https://openalex.org/I123387679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081810653","display_name":"Andr\u00e9 Teixeira","orcid":"https://orcid.org/0000-0001-5491-4068"},"institutions":[{"id":"https://openalex.org/I123387679","display_name":"Uppsala University","ror":"https://ror.org/048a87296","country_code":"SE","type":"education","lineage":["https://openalex.org/I123387679"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Andr\u00e9 M.H. Teixeira","raw_affiliation_strings":["Department of Information Technology, Uppsala University, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Information Technology, Uppsala University, Sweden","institution_ids":["https://openalex.org/I123387679"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049765702","display_name":"Salman Toor","orcid":"https://orcid.org/0000-0003-0302-6276"},"institutions":[{"id":"https://openalex.org/I123387679","display_name":"Uppsala University","ror":"https://ror.org/048a87296","country_code":"SE","type":"education","lineage":["https://openalex.org/I123387679"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Salman Toor","raw_affiliation_strings":["Department of Information Technology, Uppsala University, Sweden"],"affiliations":[{"raw_affiliation_string":"Department of Information Technology, Uppsala University, Sweden","institution_ids":["https://openalex.org/I123387679"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5102218123"],"corresponding_institution_ids":["https://openalex.org/I123387679"],"apc_list":null,"apc_paid":null,"fwci":13.1788,"has_fulltext":true,"cited_by_count":38,"citation_normalized_percentile":{"value":0.99151276,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"12"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7897606492042542},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7156937718391418},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.41913869976997375},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3539518713951111}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7897606492042542},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7156937718391418},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.41913869976997375},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3539518713951111}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3664476.3664515","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3664476.3664515","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:DiVA.org:uu-544329","is_oa":true,"landing_page_url":"http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-544329","pdf_url":"https://uu.diva-portal.org/smash/get/diva2:1917928/FULLTEXT01","source":{"id":"https://openalex.org/S4306401559","display_name":"KTH Publication Database DiVA (KTH Royal Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3664476.3664515","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3664476.3664515","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W44086155","https://openalex.org/W2089554624","https://openalex.org/W2160841769","https://openalex.org/W2768896713","https://openalex.org/W2805759893","https://openalex.org/W2808844959","https://openalex.org/W2926701059","https://openalex.org/W2958285686","https://openalex.org/W2997353660","https://openalex.org/W3000501050","https://openalex.org/W3011124515","https://openalex.org/W3090111074","https://openalex.org/W3169450514","https://openalex.org/W3178367256","https://openalex.org/W3181774430","https://openalex.org/W3182952703","https://openalex.org/W3186172578","https://openalex.org/W3191490876","https://openalex.org/W3208773001","https://openalex.org/W4205357270","https://openalex.org/W4312702896","https://openalex.org/W4320024068","https://openalex.org/W4360604758","https://openalex.org/W4367311412","https://openalex.org/W4378587122","https://openalex.org/W6635235395"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"Intrusion":[0],"detection":[1,75],"systems":[2],"(IDSs)":[3],"are":[4,41,104,116,196],"widely":[5],"used":[6],"to":[7,30,108,142],"identify":[8,161],"anomalies":[9,158],"in":[10,50,65],"computer":[11,101,111],"networks":[12,115,131],"and":[13,45,58,81,91,97,106,139,204],"raise":[14],"alarms":[15],"on":[16,171],"intrusive":[17],"behaviors.":[18],"ML-based":[19],"IDSs":[20],"generally":[21],"take":[22],"network":[23,40,127,175],"traces":[24],"or":[25],"host":[26],"logs":[27],"as":[28,118],"input":[29],"extract":[31],"patterns":[32],"from":[33,182,198],"individual":[34],"samples,":[35],"whereas":[36],"the":[37,63,88,119,134,162,166,188,199],"inter-dependencies":[38],"of":[39,53,100,136,201],"often":[42],"not":[43,155],"captured":[44],"learned,":[46],"which":[47,78],"may":[48],"result":[49],"large":[51],"amounts":[52],"uncertain":[54],"predictions,":[55],"false":[56,59],"positives,":[57],"negatives.":[60],"To":[61],"tackle":[62],"challenges":[64],"intrusion":[66,74,123],"detection,":[67],"we":[68],"propose":[69],"a":[70,172],"graph":[71,90,129],"neural":[72,114,130],"network-based":[73],"system":[76],"(GNN-IDS),":[77],"is":[79],"data-driven":[80],"machine":[82],"learning-empowered.":[83],"In":[84],"our":[85],"proposed":[86,189],"GNN-IDS,":[87],"attack":[89,151],"real-time":[92],"measurements":[93],"that":[94,187],"represent":[95,109],"static":[96],"dynamic":[98],"attributes":[99],"networks,":[102],"respectively,":[103],"incorporated":[105],"associated":[107],"complex":[110],"networks.":[112],"Graph":[113],"employed":[117],"inference":[120],"engine":[121],"for":[122],"detection.":[124],"By":[125],"learning":[126],"connectivity,":[128],"can":[132],"quantify":[133],"importance":[135],"neighboring":[137],"nodes":[138],"node":[140],"features":[141],"make":[143],"more":[144],"reliable":[145],"predictions.":[146],"Furthermore,":[147],"by":[148],"incorporating":[149],"an":[150],"graph,":[152],"GNN-IDS":[153,190],"could":[154],"only":[156],"detect":[157],"but":[159],"also":[160],"malicious":[163],"actions":[164],"causing":[165],"anomalies.":[167],"The":[168,194],"experimental":[169],"results":[170,195],"use":[173],"case":[174],"with":[176],"two":[177],"synthetic":[178],"datasets":[179],"(one":[180],"generated":[181],"public":[183],"IDS":[184],"data)":[185],"show":[186],"achieves":[191],"good":[192],"performance.":[193],"analyzed":[197],"aspects":[200],"uncertainty,":[202],"explainability,":[203],"robustness.":[205]},"counts_by_year":[{"year":2026,"cited_by_count":10},{"year":2025,"cited_by_count":27},{"year":2024,"cited_by_count":1}],"updated_date":"2026-04-02T15:55:50.835912","created_date":"2025-10-10T00:00:00"}