E-GraphSAGE: A Graph Neural Network based Intrusion Detection System for IoT

TL;DR

This paper introduces E-GraphSAGE, a novel GNN-based intrusion detection system for IoT networks that effectively captures graph structure and edge features, outperforming existing methods on benchmark datasets.

Contribution

The paper presents the first practical application of GNNs for IoT network intrusion detection using flow-based data, with extensive evaluation showing superior performance.

Findings

Outperforms state-of-the-art in classification metrics

Effective in capturing topological and edge features

Demonstrates potential of GNNs in IoT security

Abstract

This paper presents a new Network Intrusion Detection System (NIDS) based on Graph Neural Networks (GNNs). GNNs are a relatively new sub-field of deep neural networks, which can leverage the inherent structure of graph-based data. Training and evaluation data for NIDSs are typically represented as flow records, which can naturally be represented in a graph format. In this paper, we propose E-GraphSAGE, a GNN approach that allows capturing both the edge features of a graph as well as the topological information for network intrusion detection in IoT networks. To the best of our knowledge, our proposal is the first successful, practical, and extensively evaluated approach of applying GNNs on the problem of network intrusion detection for IoT using flow-based data. Our extensive experimental evaluation on four recent NIDS benchmark datasets shows that our approach outperforms the state-of-the-art in terms of key classification metrics, which demonstrates the potential of GNNs in network intrusion detection, and provides motivation for further research.