Abnormal behavior detection based on GCN-BiLSTM

With the rapid development of the Internet, the world is gradually moving toward the information age, and the current cyber security situation is getting more and more serious. Traditional methods based on statistical analysis, feature proximity, tensor decomposition, etc. have detection limitations and low detection accuracy when addressing user network security issues. In this paper, we propose an anomaly behavior detection method based on GCN-BiLSTM. First, a graph convolutional neural network is used as a feature extractor to extract the useful graph structure information in the network as a representation vector for the entire graph. Then, a bidirectional long short-term memory network method with an integrated attention mechanism is used for training, and the abnormal behavior detection is completed by combining the extracted feature information. Experiments were conducted on the IDS2017 dataset and compared with the current typical abnormal behavior detection methods, showing that the accuracy of the GCN-BiLSTM based anomaly detection method is further improved and the overall performance is better, which verifies the effectiveness of the proposed method.