As the number of IoT devices increases, security concerns become more prominent. The impact of threats can be minimized by deploying a Network Intrusion Detection System (NIDS), which monitors network traffic, detects and discovers intrusions, and issues security alerts promptly. Most intrusion detection research in recent years has focused on the traffic itself without considering the interrelationships among traffic samples, which limits the monitoring of complex IoT network attack events. In addition, anomalous traffic accounts for only a small fraction of the traffic in real networks, which leads to a severe imbalance problem in the dataset and makes algorithmic learning and prediction extremely difficult. In this paper, we propose EG-ConMix, a method based on E-GraphSAGE that incorporates a data augmentation module to address the problem of data imbalance. We also incorporate contrastive learning to discern the difference between normal and malicious traffic samples, facilitating the extraction of key features. Extensive experiments on two publicly available datasets demonstrate the superior intrusion detection performance of EG-ConMix compared to state-of-the-art methods. Remarkably, it exhibits significant advantages in terms of training speed and accuracy for large-scale graphs.