@@ -58,9 +58,14 @@ We use the CICFlowMeter tool to extract flows from Pcap files.
## Graph modeling
A graph dataset proves to be particularly advantageous for network attack detection, as it facilitates the examination of relationships and interactions among the various entities within the network. There are two primary methods for modeling network activity using a graph.
In the first approach, nodes depict individual entities within the network such as servers, IoT devices, etc., while links represent interactions between these entities. Alternatively, the second method involves representing both network entities and flows as nodes. For instance, from a flow consisting of a source host (S) and a destination host (D), two undirected edges are created, as illustrated in the following Figure.
Representing flows as nodes in the graph aligns well with Graph Neural Network (GNN) algorithms, which primarily focus on nodes in the embedding (hidden state). The graphs comprising the dataset are accessible on GitLab in JSON format, facilitating ease of access and utilization for network analysis and attack detection purposes.
