• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science ›› 2025, Vol. 47 ›› Issue (3): 459-471.

• Computer Network and Information Security •

A network intrusion detection method based on graph heat kernel diffusion convolution

JING Yongjun 1,2, WANG Hao 1, SHAO Kun 1, WANG Xiaofeng 2

  1. School of Computer Science and Information Engineering, Hefei University of Technology, Hefei 230601, China
  2. School of Computer Science and Engineering, North Minzu University, Yinchuan 750021, China
  • Received: 2024-07-08 Revised: 2024-09-03 Online: 2025-03-25 Published: 2025-04-02

Abstract: Network intrusion detection is a crucial means of protecting computing resources and data from cyber-attacks. In recent years, deep learning-based methods have made significant progress in intrusion detection. However, challenges remain, such as effective feature extraction and over-reliance on manually annotated data. To address these issues, a semi-supervised intrusion detection method based on graph heat kernel diffusion convolution is proposed. The method builds a host interaction graph with source and destination IP addresses as nodes and their interactions as edges. By fusing network flow statistics with latent graph structural features, it uses graph heat kernel diffusion to aggregate neighborhood information. The resulting node representations can significantly improve downstream intrusion detection tasks, enhancing the accuracy of identifying anomalous nodes and malicious connections. Experiments conducted on the CIC-IDS-2017 and CIC-IDS-2018 datasets demonstrate that the proposed method can effectively capture the complex topological structures and node relationships in network traffic data. It can learn low-dimensional node embeddings using only a small number of flow features and label information. Furthermore, cluster analysis and visualization of the node representations can reveal the community structure and connection characteristics of attack nodes, providing valuable references for the prevention of novel or evolving attacks.

Key words: network intrusion detection, graph heat kernel diffusion, graph representation learning, graph neural network
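
A minimal sketch of the idea the abstract describes, added here and not taken from the paper: hosts from constructed flow records become graph nodes, and a heat kernel exp(-tL) spreads per-host flow statistics across the graph. The random-walk Laplacian, the two features, t = 1 and the Taylor truncation are assumptions, since the paper's exact formulation is not given on this page.

```python
# Added illustration, not the paper's code. Flow records, features, the
# random-walk Laplacian, t and the Taylor order are all assumptions.
FLOWS = [  # constructed (src_ip, dst_ip, bytes) records
    ("10.0.0.1", "10.0.0.5", 1200),
    ("10.0.0.2", "10.0.0.5", 900),
    ("10.0.0.3", "10.0.0.5", 1000),
    ("10.0.0.9", "10.0.0.1", 40),   # 10.0.0.9 sends tiny flows to many hosts
    ("10.0.0.9", "10.0.0.2", 40),
    ("10.0.0.9", "10.0.0.5", 40),
]

def build_graph(flows):
    """Hosts become nodes; an undirected edge joins hosts that exchanged a flow."""
    nodes = sorted({ip for s, d, _ in flows for ip in (s, d)})
    idx = {ip: i for i, ip in enumerate(nodes)}
    n = len(nodes)
    adj = [[0.0] * n for _ in range(n)]
    feats = [[0.0, 0.0] for _ in range(n)]  # per host: [flow count, mean bytes]
    for s, d, size in flows:
        adj[idx[s]][idx[d]] = adj[idx[d]][idx[s]] = 1.0
        for ip in (s, d):
            feats[idx[ip]][0] += 1
            feats[idx[ip]][1] += size
    for f in feats:
        f[1] /= f[0]  # total bytes -> mean bytes per flow
    return nodes, adj, feats

def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]

def heat_kernel(adj, t=1.0, order=20):
    """H = exp(-t L) with L = I - D^-1 A, via a truncated Taylor series."""
    n = len(adj)
    deg = [sum(row) for row in adj]
    lap = [[float(i == j) - adj[i][j] / deg[i] for j in range(n)] for i in range(n)]
    term = [[float(i == j) for j in range(n)] for i in range(n)]
    h = [row[:] for row in term]
    for k in range(1, order + 1):  # term_k = term_{k-1} @ L * (-t / k)
        term = [[-t / k * v for v in row] for row in matmul(term, lap)]
        h = [[x + y for x, y in zip(r1, r2)] for r1, r2 in zip(h, term)]
    return h

def diffuse(flows, t=1.0):
    """Return {ip: diffused feature vector} for every host in the flow set."""
    nodes, adj, feats = build_graph(flows)
    return dict(zip(nodes, matmul(heat_kernel(adj, t), feats)))

if __name__ == "__main__":
    for ip, vec in diffuse(FLOWS).items():
        print(ip, [round(v, 2) for v in vec])
```

With this Laplacian each row of H is a set of positive weights summing to 1, so every diffused feature is a weighted average over the host's graph neighbourhood; larger t mixes in more distant hosts.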