Metric learning aims to learn distances from the data, which enhances the performance of similarity-based algorithms. An author style detection task is a metric learning problem, where learning style features with small intra-class variations and larger inter-class differences is of great importance to achieve better performance. Recently, metric learning based on softmax loss has been used successfully for style detection. While softmax loss can produce separable representations, its discriminative power is relatively poor. In this work, we propose NBC-Softmax, a contrastive loss based clustering technique for softmax loss, which is more intuitive and able to achieve superior performance. Our technique meets the criterion for a larger number of samples, thus achieving block contrastiveness, which is proven to outperform pair-wise losses. It uses mini-batch sampling effectively and is scalable. Experiments on 4 darkweb social forums, with NBCSAuthor that uses the proposed NBC-Softmax for author and sybil detection, show that our negative block contrastive approach consistently outperforms state-of-the-art methods using the same network architecture. Our code is publicly available at: https://github.com/gayanku/NBC-Softmax
Machine Learning (ML) approaches have been used to enhance the detection capabilities of Network Intrusion Detection Systems (NIDSs). Recent work has achieved near-perfect performance by following binary- and multi-class network anomaly detection tasks. Such systems depend on the availability of both (benign and malicious) network data classes during the training phase. However, attack data samples are often challenging to collect in most organisations due to security controls preventing the penetration of known malicious traffic to their networks. Therefore, this paper proposes a Deep One-Class (DOC) classifier for network intrusion detection by only training on benign network data samples. The novel one-class classification architecture consists of a histogram-based deep feed-forward classifier to extract useful network data features and use efficient outlier detection. The DOC classifier has been extensively evaluated using two benchmark NIDS datasets. The results demonstrate its superiority over current state-of-the-art one-class classifiers in terms of detection and false positive rates.
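Contrastive learning has recently achieved great success in many domains, including graphs. However, contrastive loss, especially for graphs, requires a large number of negative samples, which is unscalable and computationally prohibitive with quadratic time complexity. Sub-sampling is not optimal, and incorrect negative sampling leads to sampling bias. In this work, we propose a meta-node based approximation technique that can (a) proxy all negative combinations (b) in quadratic cluster-size time complexity, (c) at graph level rather than node level, and (d) exploit graph sparsity. By replacing node pairs with additive cluster pairs, we compute the negatives in cluster time at graph level. The resulting Proxy Approximated Meta-node Contrastive (PAMC) loss, based on simple optimized GPU operations, captures the full set of negatives yet is efficient, with linear time complexity. By avoiding sampling, we effectively eliminate sample bias. We meet the criterion for a larger number of samples, thus achieving block contrastiveness, which is proven to outperform pair-wise losses. We use learned soft cluster assignments for the meta-node constriction, and avoid the possible heterophily and noise added during edge creation. Theoretically, we show that real-world graphs easily satisfy the conditions necessary for our approximation. Empirically, we show promising accuracy gains over state-of-the-art graph clustering on 6 benchmarks. Importantly, we gain substantially in efficiency: up to 3x in training time, 1.8x in inference time, and over 5x in GPU memory reduction.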
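In this paper, we propose XG-BoT, an explainable deep graph neural network model for botnet node detection. The proposed model is mainly composed of a botnet detector and an explainer for automatic forensics. The XG-BoT detector can effectively detect malicious botnet nodes in large-scale networks. Specifically, it uses grouped reversible residual connections with a graph isomorphism network to learn expressive node representations from botnet communication graphs. The explainer in XG-BoT can perform automatic network forensics by highlighting suspicious network flows and the related botnet nodes. We evaluated XG-BoT on real-world, large-scale botnet network graphs. Overall, XG-BoT is able to outperform state-of-the-art approaches in terms of the evaluation metrics. In addition, we show that the XG-BoT explainer can generate useful explanations based on GNNExplainer for automatic network forensics.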
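This paper investigates the application of Graph Neural Networks (GNNs) to self-supervised network intrusion and anomaly detection. GNNs are a deep learning approach for graph-based data that incorporates graph structure into learning in order to generalise graph representations and output embeddings. As network flows are naturally graph-based, GNNs are well suited to analysing and learning network behaviour. Most current implementations of GNN-based Network Intrusion Detection Systems (NIDSs) rely heavily on labelled network traffic, which can restrict not only the amount and structure of input traffic but also the potential of NIDSs to adapt to unseen attacks. To overcome these restrictions, we present Anomal-E, a GNN approach to intrusion and anomaly detection that leverages edge features and graph topological structure in a self-supervised process. To the best of our knowledge, this approach is the first successful and practical approach to network intrusion detection that utilises network flows in a self-supervised, edge-leveraging GNN. Experimental results on two modern benchmark NIDS datasets clearly show not only the improvement gained by using Anomal-E embeddings rather than raw features, but also the potential Anomal-E has for detection on wild network traffic.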
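This paper presents a new Android malware detection method based on Graph Neural Networks (GNNs) with Jumping Knowledge (JK). Android function call graphs (FCGs) consist of a set of program functions and their inter-procedural calls. This paper therefore proposes a GNN-based method that detects Android malware by capturing meaningful intra-procedural call path patterns. In addition, a Jumping Knowledge technique is applied to minimise the effect of the over-smoothing problem, which is common in GNNs. The proposed method has been extensively evaluated using two benchmark datasets. The results demonstrate the superiority of our approach over state-of-the-art approaches in terms of key classification metrics, which demonstrates the potential of GNNs in Android malware detection and classification.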
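The use of Machine Learning (ML) to detect network attacks has been effective when designed and evaluated within a single organisation. However, it is very challenging to design an ML-based detection system that utilises heterogeneous network data samples originating from several sources. This is mainly due to privacy concerns and the lack of a universal dataset format. In this paper, we propose a collaborative federated learning scheme to address these issues. The proposed framework allows multiple organisations to join forces in the design, training, and evaluation of a robust ML-based network intrusion detection system. The threat intelligence scheme relies on two critical aspects for its application. First, the availability of network data traffic in a common format allows meaningful patterns to be extracted across data sources. Second, a federated learning mechanism is adopted to avoid the need to share sensitive user information between organisations. As a result, each organisation benefits from the cyber threat intelligence of the other organisations while keeping its data private internally. The model is trained locally, and only the updated weights are shared with the remaining participants in the federated averaging process. The framework is designed and evaluated in this paper using two key datasets in NetFlow format, known as NF-UNSW-NB15-v2 and NF-BoT-IoT-v2. Two other common scenarios are considered in the evaluation process: a centralised training method, in which local data samples are shared with other organisations, and a localised training method, in which no threat intelligence is shared. The results demonstrate the efficiency and effectiveness of the proposed framework in designing a universal ML model that effectively classifies benign and intrusive traffic originating from multiple organisations without the need for local data exchange.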
A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems (NIDSs). Consequently, network interruptions and loss of sensitive data have occurred, which led to an active research area for improving NIDS technologies. In an analysis of related works, it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction (FR) and Machine Learning (ML) techniques on NIDS datasets. However, these datasets are different in feature sets, attack types, and network design. Therefore, this paper aims to discover whether these techniques can be generalised across various datasets. Six ML models are utilised: a Deep Feed Forward (DFF), Convolutional Neural Network (CNN), Recurrent Neural Network (RNN), Decision Tree (DT), Logistic Regression (LR), and Naive Bayes (NB). The accuracy of three Feature Extraction (FE) algorithms, Principal Component Analysis (PCA), Auto-encoder (AE), and Linear Discriminant Analysis (LDA), is evaluated using three benchmark datasets: UNSW-NB15, ToN-IoT and CSE-CIC-IDS2018. Although PCA and AE algorithms have been widely used, the determination of their optimal number of extracted dimensions has been overlooked. The results indicate that no clear FE method or ML model can achieve the best scores for all datasets. The optimal number of extracted dimensions has been identified for each dataset, and LDA degrades the performance of the ML models on two datasets. The variance is used to analyse the extracted dimensions of LDA and PCA. Finally, this paper concludes that the choice of datasets significantly alters the performance of the applied techniques. We believe that a universal (benchmark) feature set is needed to facilitate further advancement and progress of research in this field.
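This paper presents a new Network Intrusion Detection System (NIDS) based on Graph Neural Networks (GNNs). GNNs are a relatively new sub-field of deep neural networks that can leverage the inherent structure of graph-based data. Training and evaluation data for NIDSs are typically represented as flow records, which can naturally be represented in a graph format. This establishes the potential and motivation for exploring GNNs for network intrusion detection, which is the focus of this paper. Current research on machine learning-based NIDSs considers only the network flows, rather than their interconnected patterns. This is a key limitation for detecting sophisticated IoT network attacks, such as DDoS and distributed port scan attacks launched by IoT devices. In this paper, we propose a GNN approach that overcomes this limitation and allows capturing both the edge features of a graph and the topological information for network anomaly detection in IoT networks. To the best of our knowledge, our approach is the first successful, practical, and extensively evaluated application of Graph Neural Networks to the problem of network intrusion detection using flow-based data. Our extensive experimental evaluation on four recent NIDS benchmark datasets shows that our approach outperforms the state-of-the-art in terms of key classification metrics, which demonstrates the potential of GNNs in network intrusion detection and provides motivation for further research.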
Although Reinforcement Learning (RL) has shown impressive results in games and simulation, real-world application of RL suffers from its instability under changing environment conditions and hyperparameters. We give a first impression of the extent of this instability by showing that the hyperparameters found by automatic hyperparameter optimization (HPO) methods are not only dependent on the problem at hand, but even on how well the state describes the environment dynamics. Specifically, we show that agents in contextual RL require different hyperparameters if they are shown how environmental factors change. In addition, finding adequate hyperparameter configurations is not equally easy for both settings, further highlighting the need for research into how hyperparameters influence learning and generalization in RL.