Towards an Efficient Network Intrusion Detection System for IoT Networks Leveraging Graph Neural Networks

Publication Type: Thesis
Issue Date: 2024
Existing deep learning approaches are barely effective at identifying new attacks in IoT traffic because they treat network flows independently. Graph Neural Networks (GNNs) have emerged as a promising alternative because they can capture the underlying network topology. However, existing approaches focus solely on either node or edge features, limiting their capacity to fully understand the complexities of network data. This limitation impacts the performance of network intrusion detection systems (NIDS) in detecting new attacks, as they fail to utilize the contextual information provided by both node and edge features. To address this, our research explores GNN mechanisms and graph structures tailored to IoT traffic. We introduce NE-GConv, a Directed Graph model that incorporates both node and edge features, and a Multi-graph capable of representing comprehensive communication between IoT nodes. NE-GConv improves upon existing methods with enhancements in algorithm input, message aggregation, update functions, and output. Our approach enables deep inspection by incorporating flow and packet content-related features. Additionally, our Multi-edged model accommodates multiple edges and features, utilizing modified message-passing layers and aggregation functions. We introduce novel equations to integrate multi-edge considerations into the GNN framework. Extensive experiments, evaluated using metrics, validate the effectiveness of our proposed models compared to state-of-the-art GNN approaches.