
Network Flow Based IoT Anomaly Detection Using Graph Neural Network

  • Conference paper
Knowledge Science, Engineering and Management (KSEM 2023)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 14118)


Abstract

Deep learning-based traffic anomaly detection methods are usually fed with high-dimensional statistical features. The greatest challenges are how to detect complex inter-feature relationships and how to localize and explain anomalies that deviate from these relationships. However, existing methods do not explicitly learn the structure of the relationships between traffic features or use them to predict the expected behavior of traffic. In this work, we propose a network flow-based IoT anomaly detection approach. It extracts traffic features in different channels as time series. A graph neural network combined with a structure learning approach is then used to learn the relationships between features, which allows users to deduce the root cause of a detected anomaly. We build a real IoT environment and deploy our method on a gateway (simulated with a Raspberry Pi). The experimental results show that our method detects anomalous activities with excellent accuracy and localizes and explains these deviations.



Acknowledgement

This work was supported by the National Natural Science Foundation of China, No. 62102397.

Corresponding author

Correspondence to Zulong Diao.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Wei, C., Xie, G., Diao, Z. (2023). Network Flow Based IoT Anomaly Detection Using Graph Neural Network. In: Jin, Z., Jiang, Y., Buchmann, R.A., Bi, Y., Ghiran, AM., Ma, W. (eds) Knowledge Science, Engineering and Management. KSEM 2023. Lecture Notes in Computer Science, vol 14118. Springer, Cham. https://doi.org/10.1007/978-3-031-40286-9_35

  • DOI: https://doi.org/10.1007/978-3-031-40286-9_35

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-40285-2

  • Online ISBN: 978-3-031-40286-9

  • eBook Packages: Computer Science, Computer Science (R0)
