Skip to main content
SpringerLink
Log in

StrucTemp-GNN: An Intrusion Detection Framework in IoT Networks Using Dynamic Heterogeneous Graph Neural Networks

  • Conference paper
  • First Online:
Mobile, Secure, and Programmable Networking (MSPN 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14482))

  • 170 Accesses

Abstract

Deep Learning (DL) techniques are effective for designing network intrusion detection systems (NIDS) but they lack leveraging IoT network topology. In the meanwhile, Graph Neural Networks (GNNs) consider both statistical properties and topological dependencies outperforming DL in complex IoT systems. However, three improvements are required: 1) Scalability as GNNs are more suitable for offline analysis with a static dependency graph. 2) Current GNNs focus on homogeneous graphs with topological dependencies; thus, including temporal aspects in heterogeneous graphs would improve the overall performance. 3) IoT time and resource constraints require optimized resource usage for efficient intrusion detection. To address these challenges, we propose StrucTemp-GNN a dynamic heterogeneous GNN-based NIDS for IoT networks. The method leverages both structural and temporal dependencies, giving rise to its name, Structural-Temporal GNN. Real-time intrusion detection is enabled by constructing a dynamic graph from incoming IoT data flows, incorporating structural and temporal information. The lightweight GNN model achieves fast and accurate intrusion detection. It has been evaluated on four new IoT datasets and has proven efficient in both binary and multiclass classification.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Abid, M.: IoT Security Challenges and Mitigations: An Introduction, October 2022

    Google Scholar 

  2. Alsoufi, M.A., et al.: Anomaly-based intrusion detection systems in IoT using deep learning: a systematic literature review. Appl. Sci. 11(18), 8383 (2021). ISSN 2076-3417. https://doi.org/10.3390/app11188383. https://www.mdpi.com/2076-3417/11/18/8383. Accessed 12 Apr 2022

  3. Altaf, T., et al.: A new concatenated Multigraph Neural Network for IoT intrusion detection. Internet Things 22, 100818 (2023). ISSN 2542-6605. https://doi.org/10.1016/j.iot.2023.100818. https://linkinghub.elsevier.com/retrieve/pii/S2542660523001415. Accessed 20 Oct 2023

  4. Bagui, S., Wang, X., Bagui, S.: Machine learning based intrusion detection for IoT Botnet. IJMLC 11(6), 399–406 (2021). ISSN 2010-3700. https://doi.org/10.18178/ijmlc.2021.11.6.1068. https://www.ijmlc.org/index.php?m=content &c=index &a=show &catid=117 &id=1256. Accessed 30 Dec 2022

  5. Caville, E., et al.: Anomal-E: a self-supervised network intrusion detection system based on graph neural networks. Knowl.-Based Syst. 258, 110030 (2022). ISSN 0950-7051. https://doi.org/10.1016/j.knosys.2022.110030. https://linkinghub.elsevier.com/retrieve/pii/S0950705122011236. Accessed 24 Jan 2023

  6. Chalapathy, R., Chawla, S.: Deep learning for anomaly detection: a survey (2019). arXiv Version Number: 2. https://doi.org/10.48550/ARXIV.1901.03407. https://arxiv.org/abs/1901.03407. Accessed 04 Jan 2023

  7. da Costa, K.A.P., et al.: Internet of Things: a survey on machine learning based intrusion detection approaches. Comput. Netw. 151, 147–157 (2019). ISSN 1389-1286. https://doi.org/10.1016/j.comnet.2019.01.023. https://linkinghub.elsevier.com/retrieve/pii/S1389128618308739. Accessed 04 Jan 2023

  8. Deng, X., et al.: Flow topology-based graph convolutional network for intrusion detection in label-limited IoT networks. IEEE Trans. Netw. Serv. Manage. 1 (2022). ISSN 1932-4537, 2373-7379. https://doi.org/10.1109/TNSM.2022.3213807. https://ieeexplore.ieee.org/document/9919790/. Accessed 24 Jan 2023

  9. Duan, G., et al.: Application of a dynamic line graph neural network for intrusion detection with semisupervised learning. IEEE Trans. Inform. Forensic Secur. 18, 699–714 (2023). ISSN 1556-6013, 1556-6021. https://doi.org/10.1109/TIFS.2022.3228493. https://ieeexplore.ieee.org/document/9980414/. Accessed 24 Jan 2023

  10. Gadal, S., et al.: Machine learning-based anomaly detection using K-mean array and sequential minimal optimization. Electronics 11(14), 2158 (2022). ISSN 2079-9292. https://doi.org/10.3390/electronics11142158. https://www.mdpi.com/2079-9292/11/14/2158. Accessed 30 Dec 2022

  11. Hamilton, W.L., Ying, R., Leskovec, J.: Inductive representation learning on large graphs (2017). arXiv Version Number: 4. https://doi.org/10.48550/ARXIV.1706.02216. https://arxiv.org/abs/1706.02216. Accessed 24 Jan 2023

  12. Hasan, M., et al.: Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches. Internet Things 7, 100059 (2019). ISSN 2542-6605. https://doi.org/10.1016/j.iot.2019.100059. https://linkinghub.elsevier.com/retrieve/pii/S2542660519300241. Accessed 30 Dec 2022

  13. Heidari, A., Jamali, M.A.J.: Internet of Things intrusion detection systems: a comprehensive review and future directions. Cluster Comput., October 2022. ISSN 1386-7857, 1573-7543. https://doi.org/10.1007/s10586-022-03776-z. Accessed 04 Dec 2022

  14. Lo, W.W., et al.: E-GraphSAGE: a graph neural network based intrusion detection system for IoT. In: 2022 IEEE/IFIP Network Operations and Management Symposium, NOMS 2022, Budapest, Hungary, pp. 1–9. IEEE, April 2022. ISBN 978-1-66540-601-7. https://doi.org/10.1109/NOMS54207.2022.9789878. https://ieeexplore.ieee.org/document/9789878/. Accessed 12 Jan 2023

  15. Ma, Y., Tang, J.: Deep Learning on Graphs, 1st edn. Cambridge University Press, September 2021. ISBN 978-1-108-92418-4 978-1-108-83174-1. https://doi.org/10.1017/9781108924184. https://www.cambridge.org/core/product/identifier/9781108924184/type/book. Accessed 08 Jan 2023

  16. Ma, Y., Tang, J.: Deep Learning on Graphs. Cambridge University Press, Cambridge (2021)

    Book  Google Scholar 

  17. Mahalingam, A., et al.: ROAST-IoT: a novel range-optimized attention convolutional scattered technique for intrusion detection in IoT networks. Sensors 23(19), (2023). ISSN 1424-8220. https://doi.org/10.3390/s23198044. https://www.mdpi.com/1424-8220/23/19/8044

  18. Powers, D.M.W.: Evaluation: from precision, recall and F-measure to ROC, informedness, markedness and correlation. arXiv:2010.16061 [cs, stat], October 2020. https://arxiv.org/abs/2010.16061. Accessed 11 Sept 2023

  19. Sarhan, M., Layeghy, S., Moustafa, N., Portmann, M.: NetFlow datasets for machine learning-based network intrusion detection systems. In: Deze, Z., Huang, H., Hou, R., Rho, S., Chilamkurti, N. (eds.) BDTA/WiCON -2020. LNICST, vol. 371, pp. 117–135. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-72802-1_9

    Chapter  Google Scholar 

  20. Sokolova, M., Lapalme, G.: A systematic analysis of performance measures for classification tasks. Inf. Process. Manage. 45(4), 427–437 (2009). ISSN 0306-4573. https://doi.org/10.1016/j.ipm.2009.03.002. https://linkinghub.elsevier.com/retrieve/pii/S0306457309000259. Accessed 11 Sept 2023

  21. Veličković, P., et al.: Graph Attention Networks (2017). arXiv Version Number: 3. https://doi.org/10.48550/ARXIV.1710.10903. https://arxiv.org/abs/1710.10903. Accessed 09 Feb 2023

  22. Xiao, J., et al.: Robust anomaly-based intrusion detection system for in vehicle network by graph neural network framework. Appl. Intell. 53(3), 3183–3206 (2023). ISSN 0924-669X, 1573-7497. https://doi.org/10.1007/s10489-022-03412-8. Accessed 24 Jan 2023

  23. Zhang, S., et al.: Graph convolutional networks: a comprehensive review. Comput. Soc. Netw. 6(1), 11 (2019). ISSN 2197-4314. https://doi.org/10.1186/s40649-019-0069-y. https://computationalsocialnetworks.springeropen.com/articles/10.1186/s40649-019-0069-y. Accessed 11 Sept 2023

  24. Zhang, Y., et al.: Intrusion detection of industrial Internet-of-Things based on reconstructed graph neural networks. IEEE Trans. Netw. Sci. Eng. 1–12 (2022). ISSN 2327-4697, 2334-329X. https://doi.org/10.1109/TNSE.2022.3184975. https://ieeexplore.ieee.org/document/9802721/. Accessed 24 Jan 2023

  25. Zhou, Y., Chiu, D.M., Lui, J.C.S.: A simple model for chunk-scheduling strategies in P2P streaming. IEEE/ACM Trans. Netw. 19, 42–54 (2011). https://doi.org/10.1109/TNET.2010.2065237

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Higher National School of Computer Science (ESI), Algiers, Algeria

    Imed Eddine Boukari, Ihab Abderrahmane Derdouha, Samia Bouzefrane, Leila Hamdad, Safia Nait-Bahloul & Thomas Huraux

  2. CEDRIC Lab, Conservatoire National des Arts et Metiers, Paris, France

    Imed Eddine Boukari, Ihab Abderrahmane Derdouha, Samia Bouzefrane, Leila Hamdad, Safia Nait-Bahloul & Thomas Huraux

Authors
  1. Imed Eddine Boukari
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ihab Abderrahmane Derdouha
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Samia Bouzefrane
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Leila Hamdad
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Safia Nait-Bahloul
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Thomas Huraux
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Imed Eddine Boukari .

Editor information

Editors and Affiliations

  1. Cedric Lab, Cnam, Paris, France

    Samia Bouzefrane

  2. Trasna Solutions, Rousset, France

    Soumya Banerjee

  3. University Paris-Est Créteil, Créteil, France

    Fabrice Mourlin

  4. Cedric Lab, Cnam, Paris, France

    Selma Boumerdassi

  5. LIGM, ESIEE, Noisy-le-Grand, France

    Éric Renault

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Boukari, I.E., Derdouha, I.A., Bouzefrane, S., Hamdad, L., Nait-Bahloul, S., Huraux, T. (2024). StrucTemp-GNN: An Intrusion Detection Framework in IoT Networks Using Dynamic Heterogeneous Graph Neural Networks. In: Bouzefrane, S., Banerjee, S., Mourlin, F., Boumerdassi, S., Renault, É. (eds) Mobile, Secure, and Programmable Networking. MSPN 2023. Lecture Notes in Computer Science, vol 14482. Springer, Cham. https://doi.org/10.1007/978-3-031-52426-4_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-52426-4_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-52425-7

  • Online ISBN: 978-3-031-52426-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation