Towards an Efficient Network Intrusion Detection System for IoT Networks Leveraging Graph Neural Networks

Altaf, Tanzeela

Towards an Efficient Network Intrusion Detection System for IoT Networks Leveraging Graph Neural Networks

Altaf, Tanzeela

Permalink

Publication Type:: Thesis
Issue Date:: 2024

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download thesisAdobe PDF (2.17 MB)

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Altaf, Tanzeela
dc.date.accessioned	2024-06-19T03:15:06Z
dc.date.available	2024-06-19T03:15:06Z
dc.date.issued	2024
dc.identifier.uri	http://hdl.handle.net/10453/179570
dc.description	University of Technology Sydney. Faculty of Engineering and Information Technology.	en_US.UTF-8
dc.description.abstract	Existing deep learning approaches are barely effective for identify new attacks in IoT traffic because they treat network flows independently. Graph Neural Networks (GNNs) have emerged as a promising alternative having the ability to capture the underlying network topology. However, existing approaches focus solely on either node or edge features, limiting their capacity to fully understand the complexities of network data. This limitation impacts the performance of NIDS in detecting new attacks, as they fail to utilize the contextual information provided by both node and edge features. To address this, our research explores GNN mechanisms and graph structures tailored to IoT traffic. We introduce NE-GConv, a Directed Graph model that incorporates both node and edge features, and a Multi-graph capable of representing comprehensive communication between IoT nodes. NE-GConv improves upon existing methods with enhancements in algorithm input, message aggregation, update functions, and output. Our approach enables deep inspection by incorporating flow and packet content-related features. Additionally, our Multi-edged model accommodates multiple edges and features, utilizing modified message-passing layers and aggregation functions. We introduce novel equations to integrate multi-edge considerations into the GNN framework. Extensive experiments, evaluated using metrics, validate the effectiveness of our proposed models compared to state-of-the-art GNN approaches.	en_US.UTF-8
dc.format	Thesis (PhD)
dc.language.iso	en_US	en_US.UTF-8
dc.relation	https://opus.lib.uts.edu.au/bitstream/10453/179570/1/thesis.pdf
dc.rights	info:eu-repo/semantics/openAccess
dc.rights	The author owns the copyright in this thesis including all reproduction and reuse rights for the work. The work may not be altered without the permission of the copyright owner. Attribution is essential when quoting or paraphrasing from this thesis.
dc.rights	© 2024 Tanzeela Altaf
dc.rights	au.edu.uts.lib/nph
dc.title	Towards an Efficient Network Intrusion Detection System for IoT Networks Leveraging Graph Neural Networks	en_US.UTF-8
dc.type	Thesis
utslib.copyright.status	open_access	*

Abstract:

Existing deep learning approaches are barely effective for identify new attacks in IoT traffic because they treat network flows independently. Graph Neural Networks (GNNs) have emerged as a promising alternative having the ability to capture the underlying network topology. However, existing approaches focus solely on either node or edge features, limiting their capacity to fully understand the complexities of network data. This limitation impacts the performance of NIDS in detecting new attacks, as they fail to utilize the contextual information provided by both node and edge features. To address this, our research explores GNN mechanisms and graph structures tailored to IoT traffic. We introduce NE-GConv, a Directed Graph model that incorporates both node and edge features, and a Multi-graph capable of representing comprehensive communication between IoT nodes. NE-GConv improves upon existing methods with enhancements in algorithm input, message aggregation, update functions, and output. Our approach enables deep inspection by incorporating flow and packet content-related features. Additionally, our Multi-edged model accommodates multiple edges and features, utilizing modified message-passing layers and aggregation functions. We introduce novel equations to integrate multi-edge considerations into the GNN framework. Extensive experiments, evaluated using metrics, validate the effectiveness of our proposed models compared to state-of-the-art GNN approaches.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/179570