Abstract
Deep Learning (DL) techniques are effective for designing network intrusion detection systems (NIDS) but they lack leveraging IoT network topology. In the meanwhile, Graph Neural Networks (GNNs) consider both statistical properties and topological dependencies outperforming DL in complex IoT systems. However, three improvements are required: 1) Scalability as GNNs are more suitable for offline analysis with a static dependency graph. 2) Current GNNs focus on homogeneous graphs with topological dependencies; thus, including temporal aspects in heterogeneous graphs would improve the overall performance. 3) IoT time and resource constraints require optimized resource usage for efficient intrusion detection. To address these challenges, we propose StrucTemp-GNN a dynamic heterogeneous GNN-based NIDS for IoT networks. The method leverages both structural and temporal dependencies, giving rise to its name, Structural-Temporal GNN. Real-time intrusion detection is enabled by constructing a dynamic graph from incoming IoT data flows, incorporating structural and temporal information. The lightweight GNN model achieves fast and accurate intrusion detection. It has been evaluated on four new IoT datasets and has proven efficient in both binary and multiclass classification.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abid, M.: IoT Security Challenges and Mitigations: An Introduction, October 2022
Alsoufi, M.A., et al.: Anomaly-based intrusion detection systems in IoT using deep learning: a systematic literature review. Appl. Sci. 11(18), 8383 (2021). ISSN 2076-3417. https://doi.org/10.3390/app11188383. https://www.mdpi.com/2076-3417/11/18/8383. Accessed 12 Apr 2022
Altaf, T., et al.: A new concatenated Multigraph Neural Network for IoT intrusion detection. Internet Things 22, 100818 (2023). ISSN 2542-6605. https://doi.org/10.1016/j.iot.2023.100818. https://linkinghub.elsevier.com/retrieve/pii/S2542660523001415. Accessed 20 Oct 2023
Bagui, S., Wang, X., Bagui, S.: Machine learning based intrusion detection for IoT Botnet. IJMLC 11(6), 399–406 (2021). ISSN 2010-3700. https://doi.org/10.18178/ijmlc.2021.11.6.1068. https://www.ijmlc.org/index.php?m=content &c=index &a=show &catid=117 &id=1256. Accessed 30 Dec 2022
Caville, E., et al.: Anomal-E: a self-supervised network intrusion detection system based on graph neural networks. Knowl.-Based Syst. 258, 110030 (2022). ISSN 0950-7051. https://doi.org/10.1016/j.knosys.2022.110030. https://linkinghub.elsevier.com/retrieve/pii/S0950705122011236. Accessed 24 Jan 2023
Chalapathy, R., Chawla, S.: Deep learning for anomaly detection: a survey (2019). arXiv Version Number: 2. https://doi.org/10.48550/ARXIV.1901.03407. https://arxiv.org/abs/1901.03407. Accessed 04 Jan 2023
da Costa, K.A.P., et al.: Internet of Things: a survey on machine learning based intrusion detection approaches. Comput. Netw. 151, 147–157 (2019). ISSN 1389-1286. https://doi.org/10.1016/j.comnet.2019.01.023. https://linkinghub.elsevier.com/retrieve/pii/S1389128618308739. Accessed 04 Jan 2023
Deng, X., et al.: Flow topology-based graph convolutional network for intrusion detection in label-limited IoT networks. IEEE Trans. Netw. Serv. Manage. 1 (2022). ISSN 1932-4537, 2373-7379. https://doi.org/10.1109/TNSM.2022.3213807. https://ieeexplore.ieee.org/document/9919790/. Accessed 24 Jan 2023
Duan, G., et al.: Application of a dynamic line graph neural network for intrusion detection with semisupervised learning. IEEE Trans. Inform. Forensic Secur. 18, 699–714 (2023). ISSN 1556-6013, 1556-6021. https://doi.org/10.1109/TIFS.2022.3228493. https://ieeexplore.ieee.org/document/9980414/. Accessed 24 Jan 2023
Gadal, S., et al.: Machine learning-based anomaly detection using K-mean array and sequential minimal optimization. Electronics 11(14), 2158 (2022). ISSN 2079-9292. https://doi.org/10.3390/electronics11142158. https://www.mdpi.com/2079-9292/11/14/2158. Accessed 30 Dec 2022
Hamilton, W.L., Ying, R., Leskovec, J.: Inductive representation learning on large graphs (2017). arXiv Version Number: 4. https://doi.org/10.48550/ARXIV.1706.02216. https://arxiv.org/abs/1706.02216. Accessed 24 Jan 2023
Hasan, M., et al.: Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches. Internet Things 7, 100059 (2019). ISSN 2542-6605. https://doi.org/10.1016/j.iot.2019.100059. https://linkinghub.elsevier.com/retrieve/pii/S2542660519300241. Accessed 30 Dec 2022
Heidari, A., Jamali, M.A.J.: Internet of Things intrusion detection systems: a comprehensive review and future directions. Cluster Comput., October 2022. ISSN 1386-7857, 1573-7543. https://doi.org/10.1007/s10586-022-03776-z. Accessed 04 Dec 2022
Lo, W.W., et al.: E-GraphSAGE: a graph neural network based intrusion detection system for IoT. In: 2022 IEEE/IFIP Network Operations and Management Symposium, NOMS 2022, Budapest, Hungary, pp. 1–9. IEEE, April 2022. ISBN 978-1-66540-601-7. https://doi.org/10.1109/NOMS54207.2022.9789878. https://ieeexplore.ieee.org/document/9789878/. Accessed 12 Jan 2023
Ma, Y., Tang, J.: Deep Learning on Graphs, 1st edn. Cambridge University Press, September 2021. ISBN 978-1-108-92418-4 978-1-108-83174-1. https://doi.org/10.1017/9781108924184. https://www.cambridge.org/core/product/identifier/9781108924184/type/book. Accessed 08 Jan 2023
Ma, Y., Tang, J.: Deep Learning on Graphs. Cambridge University Press, Cambridge (2021)
Mahalingam, A., et al.: ROAST-IoT: a novel range-optimized attention convolutional scattered technique for intrusion detection in IoT networks. Sensors 23(19), (2023). ISSN 1424-8220. https://doi.org/10.3390/s23198044. https://www.mdpi.com/1424-8220/23/19/8044
Powers, D.M.W.: Evaluation: from precision, recall and F-measure to ROC, informedness, markedness and correlation. arXiv:2010.16061 [cs, stat], October 2020. https://arxiv.org/abs/2010.16061. Accessed 11 Sept 2023
Sarhan, M., Layeghy, S., Moustafa, N., Portmann, M.: NetFlow datasets for machine learning-based network intrusion detection systems. In: Deze, Z., Huang, H., Hou, R., Rho, S., Chilamkurti, N. (eds.) BDTA/WiCON -2020. LNICST, vol. 371, pp. 117–135. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-72802-1_9
Sokolova, M., Lapalme, G.: A systematic analysis of performance measures for classification tasks. Inf. Process. Manage. 45(4), 427–437 (2009). ISSN 0306-4573. https://doi.org/10.1016/j.ipm.2009.03.002. https://linkinghub.elsevier.com/retrieve/pii/S0306457309000259. Accessed 11 Sept 2023
Veličković, P., et al.: Graph Attention Networks (2017). arXiv Version Number: 3. https://doi.org/10.48550/ARXIV.1710.10903. https://arxiv.org/abs/1710.10903. Accessed 09 Feb 2023
Xiao, J., et al.: Robust anomaly-based intrusion detection system for in vehicle network by graph neural network framework. Appl. Intell. 53(3), 3183–3206 (2023). ISSN 0924-669X, 1573-7497. https://doi.org/10.1007/s10489-022-03412-8. Accessed 24 Jan 2023
Zhang, S., et al.: Graph convolutional networks: a comprehensive review. Comput. Soc. Netw. 6(1), 11 (2019). ISSN 2197-4314. https://doi.org/10.1186/s40649-019-0069-y. https://computationalsocialnetworks.springeropen.com/articles/10.1186/s40649-019-0069-y. Accessed 11 Sept 2023
Zhang, Y., et al.: Intrusion detection of industrial Internet-of-Things based on reconstructed graph neural networks. IEEE Trans. Netw. Sci. Eng. 1–12 (2022). ISSN 2327-4697, 2334-329X. https://doi.org/10.1109/TNSE.2022.3184975. https://ieeexplore.ieee.org/document/9802721/. Accessed 24 Jan 2023
Zhou, Y., Chiu, D.M., Lui, J.C.S.: A simple model for chunk-scheduling strategies in P2P streaming. IEEE/ACM Trans. Netw. 19, 42–54 (2011). https://doi.org/10.1109/TNET.2010.2065237
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Boukari, I.E., Derdouha, I.A., Bouzefrane, S., Hamdad, L., Nait-Bahloul, S., Huraux, T. (2024). StrucTemp-GNN: An Intrusion Detection Framework in IoT Networks Using Dynamic Heterogeneous Graph Neural Networks. In: Bouzefrane, S., Banerjee, S., Mourlin, F., Boumerdassi, S., Renault, É. (eds) Mobile, Secure, and Programmable Networking. MSPN 2023. Lecture Notes in Computer Science, vol 14482. Springer, Cham. https://doi.org/10.1007/978-3-031-52426-4_2
Download citation
DOI: https://doi.org/10.1007/978-3-031-52426-4_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-52425-7
Online ISBN: 978-3-031-52426-4
eBook Packages: Computer ScienceComputer Science (R0)