• Article
  • Ingénierie & Outils numériques

Article : Articles dans des revues internationales ou nationales avec comité de lecture

The increasing growth of the Internet of Things (IoT) with the diverse and dynamic nature of devices made detecting and preventing network intrusions more important and challenging. As new and sophisticated cyber-attacks are being used, there is an increasing need for advanced intrusion detection systems that can adapt to emerging threats. The majority of existing methods in the literature lack a comprehensive consideration of complex network features namely the centrality measures. Previous works overlooked the potential insights that can be obtained from the structured relationships within network traffic data. In this study, we propose an approach called Graph Deep Learning framework based on Centrality measures (GDLC). Our approach includes an algorithm to dynamically select the most appropriate centrality measures according to the network’s topological properties created from traffic data. After that, they are integrated with Artificial Intelligence (AI) techniques, specifically the deep learning models: CNN, LSTM, and GRU. We tested our methodology on multiple publicly available cybersecurity datasets, having different network structures and sizes. First, we employ the Susceptible Infectious Recovered (SIR) model to validate the importance of the added centrality measures in identifying the most influential nodes that can be the subject of intrusion attacks. Then, through extensive experimentation and evaluation, we test the effectiveness of our approach in improving the accuracy of the Network Intrusion Detection System (NIDS). The obtained results indicate a significant enhancement in detection rates, that can reach up to 7.7%. This improvement demonstrates the practical value of our proposed methodology and highlights its high capacity to adapt to varying network structures. Integrating AI and complex network features is a promising approach for enhancing the capabilities of the Network Intrusion Detection System, contributing to a more resilient cybersecurity framework.