IoT Malware Network Traffic Detection using Deep Learning and GraphSAGE Models

TL;DR

This paper evaluates deep learning and graph-based models, especially GraphSAGE and BERT, for detecting malicious IoT network traffic, with BERT achieving the highest accuracy of 99.94%.

Contribution

It provides a comprehensive comparison of multiple deep learning and graph models for IoT malware detection, highlighting BERT's superior performance and the trade-offs of different models.

Findings

BERT achieved 99.94% accuracy in detecting IoT malware.

GraphSAGE required the shortest training time but had lower accuracy.

Multi-Head Attention provided interpretable results with good detection capabilities.

Abstract

This paper intends to detect IoT malicious attacks through deep learning models and demonstrates a comprehensive evaluation of the deep learning and graph-based models regarding malicious network traffic detection. The models particularly are based on GraphSAGE, Bidirectional encoder representations from transformers (BERT), Temporal Convolutional Network (TCN) as well as Multi-Head Attention, together with Bidirectional Long Short-Term Memory (BI-LSTM) Multi-Head Attention and BI-LSTM and LSTM models. The chosen models demonstrated great performance to model temporal patterns and detect feature significance. The observed performance are mainly due to the fact that IoT system traffic patterns are both sequential and diverse, leaving a rich set of temporal patterns for the models to learn. Experimental results showed that BERT maintained the best performance. It achieved 99.94% accuracy rate alongside high precision and recall, F1-score and AUC-ROC score of 99.99% which demonstrates its capabilities through temporal dependency capture. The Multi-Head Attention offered promising results by providing good detection capabilities with interpretable results. On the other side, the Multi-Head Attention model required significant processing time like BI-LSTM variants. The GraphSAGE model achieved good accuracy while requiring the shortest training time but yielded the lowest accuracy, precision, and F1 score compared to the other models