Top

Published in:

2024 | OriginalPaper | Chapter

StrucTemp-GNN: An Intrusion Detection Framework in IoT Networks Using Dynamic Heterogeneous Graph Neural Networks

Authors : Imed Eddine Boukari, Ihab Abderrahmane Derdouha, Samia Bouzefrane, Leila Hamdad, Safia Nait-Bahloul, Thomas Huraux

Published in: Mobile, Secure, and Programmable Networking

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Deep Learning (DL) techniques are effective for designing network intrusion detection systems (NIDS) but they lack leveraging IoT network topology. In the meanwhile, Graph Neural Networks (GNNs) consider both statistical properties and topological dependencies outperforming DL in complex IoT systems. However, three improvements are required: 1) Scalability as GNNs are more suitable for offline analysis with a static dependency graph. 2) Current GNNs focus on homogeneous graphs with topological dependencies; thus, including temporal aspects in heterogeneous graphs would improve the overall performance. 3) IoT time and resource constraints require optimized resource usage for efficient intrusion detection. To address these challenges, we propose StrucTemp-GNN a dynamic heterogeneous GNN-based NIDS for IoT networks. The method leverages both structural and temporal dependencies, giving rise to its name, Structural-Temporal GNN. Real-time intrusion detection is enabled by constructing a dynamic graph from incoming IoT data flows, incorporating structural and temporal information. The lightweight GNN model achieves fast and accurate intrusion detection. It has been evaluated on four new IoT datasets and has proven efficient in both binary and multiclass classification.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter IoTDisco: Strong yet Lightweight End-to-End Security for the Internet of Constrained Things

next chapter Generating Synthetic Data to Improve Intrusion Detection in Smart City Network Systems

Abid, M.: IoT Security Challenges and Mitigations: An Introduction, October 2022

Alsoufi, M.A., et al.: Anomaly-based intrusion detection systems in IoT using deep learning: a systematic literature review. Appl. Sci. 11(18), 8383 (2021). ISSN 2076-3417. https://doi.org/10.3390/app11188383. https://www.mdpi.com/2076-3417/11/18/8383. Accessed 12 Apr 2022

Altaf, T., et al.: A new concatenated Multigraph Neural Network for IoT intrusion detection. Internet Things 22, 100818 (2023). ISSN 2542-6605. https://doi.org/10.1016/j.iot.2023.100818. https://linkinghub.elsevier.com/retrieve/pii/S2542660523001415. Accessed 20 Oct 2023

Bagui, S., Wang, X., Bagui, S.: Machine learning based intrusion detection for IoT Botnet. IJMLC 11(6), 399–406 (2021). ISSN 2010-3700. https://doi.org/10.18178/ijmlc.2021.11.6.1068. https://www.ijmlc.org/index.php?m=content &c=index &a=show &catid=117 &id=1256. Accessed 30 Dec 2022

Caville, E., et al.: Anomal-E: a self-supervised network intrusion detection system based on graph neural networks. Knowl.-Based Syst. 258, 110030 (2022). ISSN 0950-7051. https://doi.org/10.1016/j.knosys.2022.110030. https://linkinghub.elsevier.com/retrieve/pii/S0950705122011236. Accessed 24 Jan 2023

Chalapathy, R., Chawla, S.: Deep learning for anomaly detection: a survey (2019). arXiv Version Number: 2. https://doi.org/10.48550/ARXIV.1901.03407. https://arxiv.org/abs/1901.03407. Accessed 04 Jan 2023

da Costa, K.A.P., et al.: Internet of Things: a survey on machine learning based intrusion detection approaches. Comput. Netw. 151, 147–157 (2019). ISSN 1389-1286. https://doi.org/10.1016/j.comnet.2019.01.023. https://linkinghub.elsevier.com/retrieve/pii/S1389128618308739. Accessed 04 Jan 2023

Deng, X., et al.: Flow topology-based graph convolutional network for intrusion detection in label-limited IoT networks. IEEE Trans. Netw. Serv. Manage. 1 (2022). ISSN 1932-4537, 2373-7379. https://doi.org/10.1109/TNSM.2022.3213807. https://ieeexplore.ieee.org/document/9919790/. Accessed 24 Jan 2023

Duan, G., et al.: Application of a dynamic line graph neural network for intrusion detection with semisupervised learning. IEEE Trans. Inform. Forensic Secur. 18, 699–714 (2023). ISSN 1556-6013, 1556-6021. https://doi.org/10.1109/TIFS.2022.3228493. https://ieeexplore.ieee.org/document/9980414/. Accessed 24 Jan 2023

10.

Gadal, S., et al.: Machine learning-based anomaly detection using K-mean array and sequential minimal optimization. Electronics 11(14), 2158 (2022). ISSN 2079-9292. https://doi.org/10.3390/electronics11142158. https://www.mdpi.com/2079-9292/11/14/2158. Accessed 30 Dec 2022

11.

Hamilton, W.L., Ying, R., Leskovec, J.: Inductive representation learning on large graphs (2017). arXiv Version Number: 4. https://doi.org/10.48550/ARXIV.1706.02216. https://arxiv.org/abs/1706.02216. Accessed 24 Jan 2023

12.

Hasan, M., et al.: Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches. Internet Things 7, 100059 (2019). ISSN 2542-6605. https://doi.org/10.1016/j.iot.2019.100059. https://linkinghub.elsevier.com/retrieve/pii/S2542660519300241. Accessed 30 Dec 2022

13.

Heidari, A., Jamali, M.A.J.: Internet of Things intrusion detection systems: a comprehensive review and future directions. Cluster Comput., October 2022. ISSN 1386-7857, 1573-7543. https://doi.org/10.1007/s10586-022-03776-z. Accessed 04 Dec 2022

14.

Lo, W.W., et al.: E-GraphSAGE: a graph neural network based intrusion detection system for IoT. In: 2022 IEEE/IFIP Network Operations and Management Symposium, NOMS 2022, Budapest, Hungary, pp. 1–9. IEEE, April 2022. ISBN 978-1-66540-601-7. https://doi.org/10.1109/NOMS54207.2022.9789878. https://ieeexplore.ieee.org/document/9789878/. Accessed 12 Jan 2023

15.

Ma, Y., Tang, J.: Deep Learning on Graphs, 1st edn. Cambridge University Press, September 2021. ISBN 978-1-108-92418-4 978-1-108-83174-1. https://doi.org/10.1017/9781108924184. https://www.cambridge.org/core/product/identifier/9781108924184/type/book. Accessed 08 Jan 2023

16.

Ma, Y., Tang, J.: Deep Learning on Graphs. Cambridge University Press, Cambridge (2021)CrossRef

17.

Mahalingam, A., et al.: ROAST-IoT: a novel range-optimized attention convolutional scattered technique for intrusion detection in IoT networks. Sensors 23(19), (2023). ISSN 1424-8220. https://doi.org/10.3390/s23198044. https://www.mdpi.com/1424-8220/23/19/8044

18.

Powers, D.M.W.: Evaluation: from precision, recall and F-measure to ROC, informedness, markedness and correlation. arXiv:2010.16061 [cs, stat], October 2020. https://arxiv.org/abs/2010.16061. Accessed 11 Sept 2023

19.

Sarhan, M., Layeghy, S., Moustafa, N., Portmann, M.: NetFlow datasets for machine learning-based network intrusion detection systems. In: Deze, Z., Huang, H., Hou, R., Rho, S., Chilamkurti, N. (eds.) BDTA/WiCON -2020. LNICST, vol. 371, pp. 117–135. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-72802-1_9CrossRef

20.

Sokolova, M., Lapalme, G.: A systematic analysis of performance measures for classification tasks. Inf. Process. Manage. 45(4), 427–437 (2009). ISSN 0306-4573. https://doi.org/10.1016/j.ipm.2009.03.002. https://linkinghub.elsevier.com/retrieve/pii/S0306457309000259. Accessed 11 Sept 2023

21.

Veličković, P., et al.: Graph Attention Networks (2017). arXiv Version Number: 3. https://doi.org/10.48550/ARXIV.1710.10903. https://arxiv.org/abs/1710.10903. Accessed 09 Feb 2023

22.

Xiao, J., et al.: Robust anomaly-based intrusion detection system for in vehicle network by graph neural network framework. Appl. Intell. 53(3), 3183–3206 (2023). ISSN 0924-669X, 1573-7497. https://doi.org/10.1007/s10489-022-03412-8. Accessed 24 Jan 2023

23.

Zhang, S., et al.: Graph convolutional networks: a comprehensive review. Comput. Soc. Netw. 6(1), 11 (2019). ISSN 2197-4314. https://doi.org/10.1186/s40649-019-0069-y. https://computationalsocialnetworks.springeropen.com/articles/10.1186/s40649-019-0069-y. Accessed 11 Sept 2023

24.

Zhang, Y., et al.: Intrusion detection of industrial Internet-of-Things based on reconstructed graph neural networks. IEEE Trans. Netw. Sci. Eng. 1–12 (2022). ISSN 2327-4697, 2334-329X. https://doi.org/10.1109/TNSE.2022.3184975. https://ieeexplore.ieee.org/document/9802721/. Accessed 24 Jan 2023

25.

Zhou, Y., Chiu, D.M., Lui, J.C.S.: A simple model for chunk-scheduling strategies in P2P streaming. IEEE/ACM Trans. Netw. 19, 42–54 (2011). https://doi.org/10.1109/TNET.2010.2065237CrossRef

Title: StrucTemp-GNN: An Intrusion Detection Framework in IoT Networks Using Dynamic Heterogeneous Graph Neural Networks
Authors: Imed Eddine Boukari
Ihab Abderrahmane Derdouha
Samia Bouzefrane
Leila Hamdad
Safia Nait-Bahloul
Thomas Huraux
Publisher: Springer Nature Switzerland
Book: Mobile, Secure, and Programmable Networking
Print ISBN: 978-3-031-52425-7

Electronic ISBN: 978-3-031-52426-4

Copyright Year: 2024
DOI: https://doi.org/10.1007/978-3-031-52426-4_2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner