Self-Supervised Learning of Graph Representations for Network Intrusion Detection¶
Conference: NeurIPS 2025 | arXiv: 2509.16625 | Code: N/A | Area: Cybersecurity / Graph Learning | Keywords: network intrusion detection, graph neural networks, self-supervised learning, masked autoencoder, anomaly detection
TL;DR¶
This paper proposes GraphIDS, a self-supervised intrusion detection model that unifies graph representation learning and anomaly detection via a masked autoencoder. It reaches a PR-AUC of 99.98% and a macro F1 of 99.61% on NF-CSE-CIC-IDS2018, surpassing prior state of the art by roughly 9–27 percentage points across multiple NetFlow benchmarks.
Background & Motivation¶
Background: Network intrusion detection is highly challenging under limited annotations and continuously evolving attack patterns; graph neural networks (GNNs) have recently been introduced to this domain.
Limitations of Prior Work: Existing GNN-based methods decouple representation learning from anomaly detection, resulting in learned embeddings that are not optimized for identifying attacks.
Key Challenge: Unsupervised/self-supervised approaches are necessary due to the ever-changing nature of attack types and insufficient labeled data, yet the representation learning objective is misaligned with the detection objective.
Key Insight: Unifying graph representation learning and anomaly detection within an end-to-end framework so that embeddings are directly optimized for the downstream detection task.
Method¶
Overall Architecture¶
GraphIDS proceeds in three steps: (1) constructing local communication graphs from network traffic; (2) encoding each flow and its topological context with an inductive GNN; and (3) reconstructing embeddings with a Transformer encoder–decoder, where flows with high reconstruction error at inference time are flagged as intrusions.
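Step (1) can be sketched as follows. The paper does not publish code, so the flow records, the bidirectional adjacency, and the `hops` parameter below are illustrative assumptions, not the authors' exact construction:

```python
from collections import defaultdict

def build_adjacency(flows):
    # Each flow is (src_ip, dst_ip, features); endpoints become nodes,
    # flows become edges of a communication graph.
    adj = defaultdict(set)
    for src, dst, _ in flows:
        adj[src].add(dst)
        adj[dst].add(src)
    return adj

def local_subgraph(adj, src, dst, hops=1):
    # Collect the k-hop neighborhood around both endpoints of a flow:
    # the local topological context fed to the GNN encoder.
    frontier, seen = {src, dst}, {src, dst}
    for _ in range(hops):
        frontier = {n for v in frontier for n in adj[v]} - seen
        seen |= frontier
    return seen

flows = [("10.0.0.1", "10.0.0.2", {}), ("10.0.0.2", "10.0.0.3", {}),
         ("10.0.0.3", "10.0.0.4", {})]
adj = build_adjacency(flows)
print(sorted(local_subgraph(adj, "10.0.0.1", "10.0.0.2", hops=1)))
# → ['10.0.0.1', '10.0.0.2', '10.0.0.3']
```

Keeping the neighborhood local bounds the subgraph size per flow, which is what makes the approach tractable where a single global graph would not be.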
Key Designs¶
- Local Graph Representation Learning
  - Function: Constructs a local subgraph containing neighboring communications for each network flow.
  - Mechanism: Captures local topological patterns of normal communication.
  - Design Motivation: A global graph is infeasible due to scale; local graphs preserve essential context.
- Inductive Graph Neural Network Encoder
  - Function: Embeds each flow together with its local topological context into a vector space.
  - Mechanism: Employs inductive message-passing GNNs to generalize to unseen IP addresses.
  - Design Motivation: Network environments are dynamic and must handle previously unseen nodes.
- Transformer Masked Autoencoder
  - Function: Learns global co-occurrence patterns across flows.
  - Mechanism: An encoder–decoder reconstructs masked embeddings; self-attention implicitly models global inter-flow relationships without requiring explicit positional encodings.
  - Design Motivation: Global patterns complement local topology.
- Reconstruction Error-Based Anomaly Detection
  - At inference time, normal flows yield low reconstruction error, while attack flows deviate from normal patterns and thus incur high reconstruction error.
  - The detection threshold is determined using normal data from a validation set.
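The threshold-selection step can be sketched as a quantile of reconstruction errors on normal validation traffic. The 0.9 quantile below is an illustrative choice; the paper does not specify its exact selection rule here:

```python
def pick_threshold(val_errors, quantile=0.9):
    # Place the detection threshold at a high quantile of reconstruction
    # errors measured on *normal* validation flows (quantile value is an
    # illustrative assumption, not the paper's setting).
    s = sorted(val_errors)
    idx = min(int(quantile * len(s)), len(s) - 1)
    return s[idx]

def detect(errors, threshold):
    # Flows whose reconstruction error exceeds the threshold are flagged
    # as intrusions; everything below it is treated as normal traffic.
    return [e > threshold for e in errors]

val_errors = [0.01, 0.02, 0.015, 0.03, 0.012, 0.025, 0.018, 0.022, 0.011, 0.05]
tau = pick_threshold(val_errors)
print(detect([0.02, 0.9], tau))  # → [False, True]
```

Because only normal data is needed to set the threshold, the detector requires no attack labels at any stage, consistent with the self-supervised training regime.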
Loss & Training¶
- Trained exclusively on normal traffic (no labeled attack samples required).
- Masking ratio: 30% of embeddings are randomly masked.
- Loss function: MSE reconstruction loss.
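The training objective (mask 30% of embeddings, reconstruct, score with MSE on the masked positions) can be sketched as below. The toy `mean_reconstruct` stand-in for the Transformer decoder and the scoring of only masked positions are assumptions for illustration:

```python
import random

def masked_mse(embeddings, reconstruct, mask_ratio=0.3, seed=0):
    # Randomly mask a fraction of flow embeddings, let the model predict
    # every position from the visible ones, and average squared error
    # over the masked positions only.
    rng = random.Random(seed)
    n = len(embeddings)
    masked = set(rng.sample(range(n), max(1, int(mask_ratio * n))))
    visible = [e if i not in masked else None for i, e in enumerate(embeddings)]
    preds = reconstruct(visible)  # one predicted vector per position
    loss = 0.0
    for i in masked:
        loss += sum((p - t) ** 2 for p, t in zip(preds[i], embeddings[i]))
    return loss / len(masked)

def mean_reconstruct(visible):
    # Toy "decoder": predicts the mean of the visible embeddings everywhere.
    vis = [v for v in visible if v is not None]
    mean = [sum(col) / len(vis) for col in zip(*vis)]
    return [mean] * len(visible)

embs = [[0.0, 1.0], [1.0, 0.0], [0.5, 0.5], [1.0, 1.0], [0.0, 0.0]]
print(round(masked_mse(embs, mean_reconstruct), 4))
```

Since only masked positions are scored, the model cannot solve the task by copying its input, which is what pushes it to learn the co-occurrence structure of normal traffic.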
Key Experimental Results¶
Main Results: Performance on Benchmark Datasets¶
| Dataset | Metric | Prev. SOTA | GraphIDS | Gain |
|---|---|---|---|---|
| NF-CSE-CIC-IDS2018 | PR-AUC | 91.23% | 99.98% | +8.75pp |
| NF-UNSW-NB15 | PR-AUC | 82.56% | 95.42% | +12.86pp |
| NF-ToN-IoT | PR-AUC | 74.31% | 99.52% | +25.21pp |
| NF-CSE-CIC-IDS2018 | Macro F1 | 88.45% | 99.61% | +11.16pp |
| NF-UNSW-NB15 | Macro F1 | 79.23% | 93.87% | +14.64pp |
| NF-ToN-IoT | Macro F1 | 72.15% | 98.94% | +26.79pp |
Ablation Study¶
| Configuration | PR-AUC (CSE-CIC) | Macro F1 |
|---|---|---|
| No local graph (flow features only) | 89.34% | 86.52% |
| No Transformer (GNN only) | 95.67% | 93.21% |
| No masking (full reconstruction) | 97.45% | 96.88% |
| GNN + Transformer (no masked AE) | 96.12% | 94.53% |
| GraphIDS (full) | 99.98% | 99.61% |
Key Findings¶
- The combination of local graph and global Transformer contributes most significantly to performance.
- The masking mechanism forces the model to learn richer representations, yielding a ~2.5pp PR-AUC improvement over full reconstruction (99.98% vs. 97.45%).
- The model demonstrates strong generalization to unseen attack types.
- The inductive GNN enables the model to handle dynamic network topologies.
Highlights & Insights¶
- End-to-End Unification: Representation learning directly serves the detection objective, eliminating the two-stage disconnect.
- Self-Supervised Paradigm: Training requires no attack labels, which is well-suited to real-world deployment scenarios.
- Near-Saturated Benchmark: The exceptionally high PR-AUC of 99.98% on NF-CSE-CIC-IDS2018 leaves almost no headroom, suggesting this benchmark is close to saturated for the task.
Limitations & Future Work¶
- Detection granularity is at the NetFlow level, which may fail to capture application-layer attack details.
- Threshold selection relies on assumptions about the distribution of normal traffic.
- Latency and throughput for large-scale real-time deployment are not thoroughly evaluated.
- Effectiveness on encrypted traffic has not been validated.
- Mechanisms for adapting to temporal dynamics (concept drift) are absent.
Related Work & Insights¶
- MAE (He et al. 2022): masked autoencoder for self-supervised representation learning.
- E-GraphSAGE (Lo et al. 2022): GNN for network intrusion detection.
- Deep SVDD (Ruff et al. 2018): deep one-class anomaly detection.
- Insight: Self-supervised masked reconstruction shows broad promise in the security domain and is extensible to IoT and industrial control networks.
Rating¶
- Novelty: ⭐⭐⭐⭐ — First application of a unified framework with masked AE in NIDS.
- Experimental Thoroughness: ⭐⭐⭐⭐⭐ — Multiple datasets with comprehensive ablations.
- Writing Quality: ⭐⭐⭐⭐ — Clear and coherent presentation.
- Value: ⭐⭐⭐⭐⭐ — High practical deployment value with outstanding performance.