TY - JOUR
T1 - TCG-IDS
T2 - Robust Network Intrusion Detection via Temporal Contrastive Graph Learning
AU - Wu, Cong
AU - Sun, Jianfei
AU - Chen, Jing
AU - Alazab, Mamoun
AU - Liu, Yang
AU - Xiang, Yang
PY - 2025
Y1 - 2025
N2 - In the era of zero trust security models and next-generation networks (NGN), the primary challenge is that network nodes may be untrusted, even if they have been verified, necessitating continuous validation and scrutiny. Effective intrusion detection systems (IDS) are crucial for continuously monitoring network traffic and identifying potential threats. However, traditional IDS approaches often struggle to keep pace with evolving threats, requiring extensive supervised training on labeled datasets. This limitation leads to high false positive rates, low detection accuracy, and a failure to provide real-time detection, thereby undermining the security of NGNs. This paper proposed the first self-supervised learning-based IDS, designed on temporal contrastive graph neural network (GNN), namely TCG-IDS. It innovatively integrates three contrastive learning strategies: temporal contrasting to capture temporal dependencies, asymmetric contrasting to account for the diverse interactions within network data, and masked contrasting to enhance the learning of node representations by masking parts of the data during training. Performance evaluation was conducted on two publicly available network traffic datasets, NF-CSE-CIC-IDS2018-V2 and NF-UNSW-NB15-V2. TCG-IDS achieved a balanced accuracy of 99.48% and 91.48% on two datasets respectively, significantly outperforming state-of-the-art graph learning models. In multi-class detection, TCG-IDS attained a mean false positive rate of 4.15% and 3.34% on the two datasets respectively. Besides, it exhibits high efficiency with its running time of 0.37s and 0.51s on the two datasets to predict per batch of 100 samples. Results highlight the effectiveness and efficiency of TCG-IDS in accurately detecting various types of network intrusions. This work significantly advances the field of network intrusion detection via self-supervised temporal graph learning, offering a promising solution for future network security systems.
AB - In the era of zero trust security models and next-generation networks (NGN), the primary challenge is that network nodes may be untrusted, even if they have been verified, necessitating continuous validation and scrutiny. Effective intrusion detection systems (IDS) are crucial for continuously monitoring network traffic and identifying potential threats. However, traditional IDS approaches often struggle to keep pace with evolving threats, requiring extensive supervised training on labeled datasets. This limitation leads to high false positive rates, low detection accuracy, and a failure to provide real-time detection, thereby undermining the security of NGNs. This paper proposed the first self-supervised learning-based IDS, designed on temporal contrastive graph neural network (GNN), namely TCG-IDS. It innovatively integrates three contrastive learning strategies: temporal contrasting to capture temporal dependencies, asymmetric contrasting to account for the diverse interactions within network data, and masked contrasting to enhance the learning of node representations by masking parts of the data during training. Performance evaluation was conducted on two publicly available network traffic datasets, NF-CSE-CIC-IDS2018-V2 and NF-UNSW-NB15-V2. TCG-IDS achieved a balanced accuracy of 99.48% and 91.48% on two datasets respectively, significantly outperforming state-of-the-art graph learning models. In multi-class detection, TCG-IDS attained a mean false positive rate of 4.15% and 3.34% on the two datasets respectively. Besides, it exhibits high efficiency with its running time of 0.37s and 0.51s on the two datasets to predict per batch of 100 samples. Results highlight the effectiveness and efficiency of TCG-IDS in accurately detecting various types of network intrusions. This work significantly advances the field of network intrusion detection via self-supervised temporal graph learning, offering a promising solution for future network security systems.
KW - Cyber security
KW - intrusion detection system
KW - network security
KW - temporal graph neural network
UR - http://www.scopus.com/inward/record.url?scp=85216074198&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2025.3530702
DO - 10.1109/TIFS.2025.3530702
M3 - Article
AN - SCOPUS:85216074198
SN - 1556-6013
VL - 20
SP - 1475
EP - 1486
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
ER -