E-minBatch GraphSAGE: An Industrial Internet Attack Detection Model.

The Industrial Internet has grown rapidly in recent years, and attacks against the Industrial Internet have also increased. When compared with the traditional Internet, the industrial Internet has a more complex network structure, and the traditional graph neural network attack behavior detection model cannot well adapt to the complex network environment. To make the model better adapt to the complex network environment, this paper proposes the E-minBatch GraphSAG model. First, the application layer source port and source IP address is used as source nodes, the application layer target port and target IP address are used as target nodes, and the remaining traffic information is used as edge information to complete the construction of the graph structure data, and then the constructed graph structure data is presampled to select the edge information that needs to be aggregated next, followed by using the AGG aggregation function to aggregate the information in the domain generated by the presampling process. Finally, the information of two adjacent nodes is aggregated as edge information to classify the edges. Increase the number of IP addresses in the UNSW-NB15 dataset, and then use it for model training and testing. The experimental results show that the accuracy of the model reaches 99.49% in a relatively complex network environment. In this paper, the E-minBatch GraphSAG model is presented in an attempt to solve the problem of attack detection in the complex industrial Internet environment. [ABSTRACT FROM AUTHOR]