Enhancing IoT Network Security with Graph Neural Networks for Node Anomaly Detection
Carletti V.;Foggia P.;Rosa F.;Vento M.
2024
Abstract
The widespread deployment of Internet of Things (IoT) devices in homes, industries, and public spaces presents significant cybersecurity challenges, particularly due to their limited computational capabilities and often insecure configurations. Detecting infected devices through network analysis presents a significant challenge given the diversity of network protocols and behaviors. Traditional methods, reliant on packet statistics or binary signatures, show their limits in these complex environments. Recent advancements in machine learning and deep learning offer promising alternatives, also through the use of graph-based representations that capture network topology and facilitate the detection of complex attack patterns. This paper presents a comprehensive analysis in a realistic setup of two state-of-the-art Graph Neural Networks (GNNs) designed for node anomaly detection, applied to a large-scale dataset of IoT network traffic. The dataset, comprising over 240,000 graphs extracted from IoT23, IoTID20, and IoT-Traces, includes both benign and malicious communications. In the analysis we take into account the impact of varying snapshot durations and graph-based representations on the performance achieved by the GNNs. The results suggest that using a state-of-the-art graph autoencoder (DOMINANT) with a computationally efficient representation (TDG) is the best trade-off among the considered constraints and variables.


