{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T14:48:18Z","timestamp":1773931698455,"version":"3.50.1"},"publisher-location":"Singapore","reference-count":38,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819777365","type":"print"},{"value":"9789819777372","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-97-7737-2_15","type":"book-chapter","created":{"date-parts":[[2024,9,13]],"date-time":"2024-09-13T10:03:10Z","timestamp":1726221790000},"page":"257-276","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Few Edges are Enough: Few-Shot Network Attack Detection with\u00a0Graph Neural Networks"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4153-735X","authenticated-orcid":false,"given":"Tristan","family":"Bilot","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7742-7748","authenticated-orcid":false,"given":"Nour","family":"El Madhoun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6595-5866","authenticated-orcid":false,"given":"Khaldoun","family":"Al Agha","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-0273-4601","authenticated-orcid":false,"given":"Anis","family":"Zouaoui","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,9,13]]},"reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"Bilot, T., El\u00a0Madhoun, N., Al\u00a0Agha, K., Zouaoui, A.: A benchmark of graph augmentations for contrastive learning-based network attack detection with graph neural networks. In: 2023 7th Cyber Security in Networking Conference (CSNet), pp. 53\u201356. IEEE (2023)","DOI":"10.1109\/CSNet59123.2023.10339697"},{"key":"15_CR2","doi-asserted-by":"publisher","first-page":"49114","DOI":"10.1109\/ACCESS.2023.3275789","volume":"11","author":"T Bilot","year":"2023","unstructured":"Bilot, T., El Madhoun, N., Al Agha, K., Zouaoui, A.: Graph neural networks for intrusion detection: a survey. IEEE Access 11, 49114\u201349139 (2023)","journal-title":"IEEE Access"},{"key":"15_CR3","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3664649","volume":"56","author":"T Bilot","year":"2023","unstructured":"Bilot, T., El Madhoun, N., Al Agha, K., Zouaoui, A.: A survey on malware detection with graph representation learning. ACM Comput. Surv. 56, 1\u201336 (2023)","journal-title":"ACM Comput. Surv."},{"key":"15_CR4","doi-asserted-by":"crossref","unstructured":"Bilot, T., Geis, G., Hammi, B.: PhishGNN: a phishing website detection framework using graph neural networks. In: 19th International Conference on Security and Cryptography, pp. 428\u2013435. SCITEPRESS-Science and Technology Publications (2022)","DOI":"10.5220\/0011328600003283"},{"issue":"6","key":"15_CR5","doi-asserted-by":"publisher","first-page":"3855","DOI":"10.1109\/TDSC.2021.3108782","volume":"19","author":"Y Cao","year":"2021","unstructured":"Cao, Y., Jiang, H., Deng, Y., Wu, J., Zhou, P., Luo, W.: Detecting and mitigating DDoS attacks in SDN using spatial-temporal graph convolutional network. IEEE Trans. Dependable Secure Comput. 19(6), 3855\u20133872 (2021)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"15_CR6","doi-asserted-by":"publisher","first-page":"110030","DOI":"10.1016\/j.knosys.2022.110030","volume":"258","author":"E Caville","year":"2022","unstructured":"Caville, E., Lo, W.W., Layeghy, S., Portmann, M.: Anomal-E: a self-supervised network intrusion detection system based on graph neural networks. Knowl.-Based Syst. 258, 110030 (2022)","journal-title":"Knowl.-Based Syst."},{"key":"15_CR7","unstructured":"Chang, L., Branco, P.: Graph-based solutions with residuals for intrusion detection: the modified E-graphSAGE and E-ResGAT algorithms. arXiv preprint arXiv:2111.13597 (2021)"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Cheng, Z., et al.: KAIROS: practical intrusion detection and investigation using whole-system provenance. arXiv preprint arXiv:2308.05034 (2023)","DOI":"10.1109\/SP54263.2024.00005"},{"key":"15_CR9","doi-asserted-by":"publisher","first-page":"102715","DOI":"10.1016\/j.cose.2022.102715","volume":"118","author":"Y Fang","year":"2022","unstructured":"Fang, Y., Huang, C., Zeng, M., Zhao, Z., Huang, C.: JStrong: malicious JavaScript detection based on code semantic representation and graph neural network. Comput. Secur. 118, 102715 (2022)","journal-title":"Comput. Secur."},{"key":"15_CR10","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1016\/j.neucom.2021.12.026","volume":"474","author":"Y Fang","year":"2022","unstructured":"Fang, Y., Wang, C., Fang, Z., Huang, C.: LMTracker: lateral movement path detection based on heterogeneous graph embedding. Neurocomputing 474, 37\u201347 (2022)","journal-title":"Neurocomputing"},{"key":"15_CR11","unstructured":"Gilmer, J., Schoenholz, S.S., Riley, P.F., Vinyals, O., Dahl, G.E.: Neural message passing for quantum chemistry. In: International Conference on Machine Learning, pp. 1263\u20131272. PMLR (2017)"},{"key":"15_CR12","unstructured":"Hamilton, W., Ying, Z., Leskovec, J.: Inductive representation learning on large graphs. In: Advances in Neural Information Processing Systems, vol. 30 (2017)"},{"key":"15_CR13","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF02854581","volume":"9","author":"F Harary","year":"1960","unstructured":"Harary, F., Norman, R.Z.: Some properties of line digraphs. Rendiconti circolo matematico palermo 9, 161\u2013168 (1960)","journal-title":"Rendiconti circolo matematico palermo"},{"key":"15_CR14","unstructured":"Jia, Z., Xiong, Y., Nan, Y., Zhang, Y., Zhao, J., Wen, M.: MAGIC: detecting advanced persistent threats via masked graph representation learning. arXiv preprint arXiv:2310.09831 (2023)"},{"key":"15_CR15","doi-asserted-by":"crossref","unstructured":"King, I.J., Huang, H.H.: Euler: detecting network lateral movement via scalable temporal link prediction. ACM Trans. Priv. Secur. (2023)","DOI":"10.14722\/ndss.2022.24107"},{"key":"15_CR16","unstructured":"Kipf, T.N., Welling, M.: Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907 (2016)"},{"key":"15_CR17","doi-asserted-by":"crossref","unstructured":"Lan, J., et al.: E-minBatch graphSAGE: an industrial internet attack detection model. Secur. Commun. Netw. 2022 (2022)","DOI":"10.1155\/2022\/5363764"},{"key":"15_CR18","doi-asserted-by":"crossref","unstructured":"Li, Y., et al.: Graphddos: Effective DDoS attack detection using graph neural networks. In: 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD), pp. 1275\u20131280. IEEE (2022)","DOI":"10.1109\/CSCWD54268.2022.9776097"},{"key":"15_CR19","doi-asserted-by":"crossref","unstructured":"Liu, F.T., Ting, K.M., Zhou, Z.H.: Isolation forest. In: 2008 Eighth IEEE International Conference on Data Mining, pp. 413\u2013422. IEEE (2008)","DOI":"10.1109\/ICDM.2008.17"},{"issue":"6","key":"15_CR20","first-page":"5879","volume":"35","author":"Y Liu","year":"2022","unstructured":"Liu, Y., et al.: Graph self-supervised learning: a survey. IEEE Trans. Knowl. Data Eng. 35(6), 5879\u20135900 (2022)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"15_CR21","doi-asserted-by":"publisher","first-page":"100747","DOI":"10.1016\/j.iot.2023.100747","volume":"22","author":"WW Lo","year":"2023","unstructured":"Lo, W.W., Kulatilleke, G., Sarhan, M., Layeghy, S., Portmann, M.: XG-BoT: an explainable deep graph neural network for botnet detection and forensics. Internet Things 22, 100747 (2023)","journal-title":"Internet Things"},{"key":"15_CR22","doi-asserted-by":"crossref","unstructured":"Lo, W.W., Layeghy, S., Sarhan, M., Gallagher, M., Portmann, M.: E-graphSAGE: a graph neural network based intrusion detection system for IoT. In: NOMS 2022-2022 IEEE\/IFIP Network Operations and Management Symposium, pp.\u00a01\u20139. IEEE (2022)","DOI":"10.1109\/NOMS54207.2022.9789878"},{"key":"15_CR23","doi-asserted-by":"crossref","unstructured":"Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp.\u00a01\u20136. IEEE (2015)","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"15_CR24","doi-asserted-by":"crossref","unstructured":"Paudel, R., Huang, H.H.: Pikachu: temporal walk based dynamic graph embedding for network anomaly detection. In: NOMS 2022-2022 IEEE\/IFIP Network Operations and Management Symposium, pp.\u00a01\u20137. IEEE (2022)","DOI":"10.1109\/NOMS54207.2022.9789921"},{"issue":"4","key":"15_CR25","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1145\/3543146.3543171","volume":"49","author":"D Pujol-Perich","year":"2022","unstructured":"Pujol-Perich, D., Su\u00e1rez-Varela, J., Cabellos-Aparicio, A., Barlet-Ros, P.: Unveiling the potential of graph neural networks for robust intrusion detection. ACM SIGMETRICS Perform. Eval. Rev. 49(4), 111\u2013117 (2022)","journal-title":"ACM SIGMETRICS Perform. Eval. Rev."},{"key":"15_CR26","doi-asserted-by":"crossref","unstructured":"Sarhan, M., Layeghy, S., Portmann, M.: Towards a standard feature set for network intrusion detection system datasets. Mobile Netw. Appl. 1\u201314 (2022)","DOI":"10.1007\/s11036-021-01843-0"},{"issue":"1","key":"15_CR27","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1109\/TNN.2008.2005605","volume":"20","author":"F Scarselli","year":"2008","unstructured":"Scarselli, F., Gori, M., Tsoi, A.C., Hagenbuchner, M., Monfardini, G.: The graph neural network model. IEEE Trans. Neural Netw. 20(1), 61\u201380 (2008)","journal-title":"IEEE Trans. Neural Netw."},{"key":"15_CR28","first-page":"108","volume":"1","author":"I Sharafaldin","year":"2018","unstructured":"Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp 1, 108\u2013116 (2018)","journal-title":"ICISSp"},{"key":"15_CR29","doi-asserted-by":"crossref","unstructured":"Sung, F., Yang, Y., Zhang, L., Xiang, T., Torr, P.H., Hospedales, T.M.: Learning to compare: relation network for few-shot learning. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1199\u20131208 (2018)","DOI":"10.1109\/CVPR.2018.00131"},{"issue":"9","key":"15_CR30","doi-asserted-by":"publisher","first-page":"1480","DOI":"10.1587\/transinf.2022OFP0004","volume":"106","author":"TT Thein","year":"2023","unstructured":"Thein, T.T., Shiraishi, Y., Morii, M.: Few-shot learning-based malicious IoT traffic detection with prototypical graph neural networks. IEICE Trans. Inf. Syst. 106(9), 1480\u20131489 (2023)","journal-title":"IEICE Trans. Inf. Syst."},{"key":"15_CR31","unstructured":"Veli\u010dkovi\u0107, P., Cucurull, G., Casanova, A., Romero, A., Lio, P., Bengio, Y.: Graph attention networks. arXiv preprint arXiv:1710.10903 (2017)"},{"key":"15_CR32","unstructured":"Veli\u010dkovi\u0107, P., Fedus, W., Hamilton, W.L., Li\u00f2, P., Bengio, Y., Hjelm, R.D.: Deep graph infomax. arXiv preprint arXiv:1809.10341 (2018)"},{"issue":"3","key":"15_CR33","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3386252","volume":"53","author":"Y Wang","year":"2020","unstructured":"Wang, Y., Yao, Q., Kwok, J.T., Ni, L.M.: Generalizing from a few examples: a survey on few-shot learning. ACM Comput. Surv. (CSUR) 53(3), 1\u201334 (2020)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"1","key":"15_CR34","doi-asserted-by":"publisher","first-page":"4","DOI":"10.1109\/TNNLS.2020.2978386","volume":"32","author":"Z Wu","year":"2020","unstructured":"Wu, Z., Pan, S., Chen, F., Long, G., Zhang, C., Philip, S.Y.: A comprehensive survey on graph neural networks. IEEE Trans. Neural Netw. Learn. Syst. 32(1), 4\u201324 (2020)","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"15_CR35","unstructured":"Xu, K., Hu, W., Leskovec, J., Jegelka, S.: How powerful are graph neural networks? arXiv preprint arXiv:1810.00826 (2018)"},{"key":"15_CR36","unstructured":"You, Y., Chen, T., Sui, Y., Chen, T., Wang, Z., Shen, Y.: Graph contrastive learning with augmentations. In: Advances in Neural Information Processing Systems, vol. 33, pp. 5812\u20135823 (2020)"},{"key":"15_CR37","doi-asserted-by":"crossref","unstructured":"Zhong, M., Lin, M., Zhang, C., Xu, Z.: A survey on graph neural networks for intrusion detection systems: methods, trends and challenges. Comput. Secur. 103821 (2024)","DOI":"10.1016\/j.cose.2024.103821"},{"key":"15_CR38","unstructured":"Zhou, J., Xu, Z., Rush, A.M., Yu, M.: Automating botnet detection with graph neural networks. arXiv preprint arXiv:2003.06344 (2020)"}],"container-title":["Lecture Notes in Computer Science","Advances in Information and Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-97-7737-2_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,28]],"date-time":"2024-11-28T02:46:43Z","timestamp":1732762003000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-97-7737-2_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819777365","9789819777372"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-981-97-7737-2_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"13 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IWSEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kyoto","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Japan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iwsec2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iwsec.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}