$\mathsf{TCG}\text{-}\mathsf{IDS}$ : Robust Network Intrusion Detection via Temporal Contrastive Graph Learning

In the era of zero trust security models and next-generation networks (NGN), the primary challenge is that network nodes may be untrusted, even if they have been verified, necessitating continuous validation and scrutiny. Effective intrusion detection systems (IDS) are crucial for continuously monitoring network traffic and identifying potential threats. However, traditional IDS approaches often struggle to keep pace with evolving threats, requiring extensive supervised training on labeled datasets. This limitation leads to high false positive rates, low detection accuracy, and a failure to provide real-time detection, thereby undermining the security of NGNs. This paper proposed the first self-supervised learning-based IDS, designed on temporal contrastive graph neural network (GNN), namely $\mathsf{TCG}\text{-}\mathsf{IDS}$ . It innovatively integrates three contrastive learning strategies: temporal contrasting to capture temporal dependencies, asymmetric contrasting to account for the diverse interactions within network data, and masked contrasting to enhance the learning of node representations by masking parts of the data during training. Performance evaluation was conducted on two publicly available network traffic datasets, NF-CSE-CIC-IDS2018-V2 and NF-UNSW-NB15-V2. $\mathsf{TCG}\text{-}\mathsf{IDS}$ achieved a balanced accuracy of 99.48% and 91.48% on two datasets respectively, significantly outperforming state-of-the-art graph learning models. In multi-class detection, $\mathsf{TCG}\text{-}\mathsf{IDS}$ attained a mean false positive rate of 4.15% and 3.34% on the two datasets respectively. Besides, it exhibits high efficiency with its running time of 0.37s and 0.51s on the two datasets to predict per batch of 100 samples. Results highlight the effectiveness and efficiency of $\mathsf{TCG}\text{-}\mathsf{IDS}$ in accurately detecting various types of network intrusions. This work significantly advances the field of network intrusion detection via self-supervised temporal graph learning, offering a promising solution for future network security systems.