基于改进GraphSAGE的网络攻击检测

打开文本图片集

中图分类号：TP309 文献标志码：A DOI：10. 13705/j. issn.1671-6841. 2024126

文章编号：1671-6841（2026）01-0027-08

Abstract：Network atack detection based on deep learning was modeled on Euclidean data and couldn't capture the structural features within attack data. To address this issue，a network atack detection algorithm based on improved graph sample and aggregate （GraphSAGE） was proposed. Firstly，the attack data was initially transformed from a flat structure into a graph structure.Secondly，the GraphSAGE algorithm was enhanced in several ways，including the fusion of node and edge features during the message pasing phase，consideration of the impact of different source nodes on the target node during the message aggregation phase，and the introduction of residual learning mechanism during the edge embedding generation.The experimental results on two public network atack datasets showed that the overall performance of the proposed algorithm was superior to that of the E-GraphSAGE，LSTM，RNN，and CNN algorithms in binary classification scenarios. And the F1 values of the proposed algorithm were higher than comparison algorithms on most attack categories in multi classification scenarios.

Key Words： network attack detection； deep learning； graph neural network ； graph sample and aggre-gate；attention mechanism

0 引言

还是政府机构的运作，互联网都扮演着不可或缺的角色，然而这种依赖也为网络安全问题蒙上了一层阴影。（剩余12916字）