E-GraphSAGE: A Graph Neural Network based Intrusion Detection System for IoT
About
This paper presents a new Network Intrusion Detection System (NIDS) based on Graph Neural Networks (GNNs). GNNs are a relatively new sub-field of deep neural networks, which can leverage the inherent structure of graph-based data. Training and evaluation data for NIDSs are typically represented as flow records, which can naturally be represented in a graph format. In this paper, we propose E-GraphSAGE, a GNN approach that allows capturing both the edge features of a graph as well as the topological information for network intrusion detection in IoT networks. To the best of our knowledge, our proposal is the first successful, practical, and extensively evaluated approach of applying GNNs on the problem of network intrusion detection for IoT using flow-based data. Our extensive experimental evaluation on four recent NIDS benchmark datasets shows that our approach outperforms the state-of-the-art in terms of key classification metrics, which demonstrates the potential of GNNs in network intrusion detection, and provides motivation for further research.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Malicious Traffic Detection | CIC-IDS 2018 (with drift) | Accuracy79.37 | 5 | |
| Malicious Traffic Detection | ToN-IoT (without drift) | Accuracy89.42 | 5 | |
| Malicious Traffic Detection | BoT-IoT without drift | Accuracy98.88 | 5 | |
| Malicious Traffic Detection | BoT-IoT with drift | Accuracy97.83 | 5 | |
| Malicious Traffic Detection | UNSW-NB15 (without drift) | Accuracy98.66 | 5 | |
| Malicious Traffic Detection | Synthetic (without drift) | Accuracy97.04 | 5 | |
| Malicious Traffic Detection | Synthetic (with drift) | ACC69.11 | 5 | |
| Malicious Traffic Detection | Overall Performance without drift | ACC96.17 | 5 | |
| Malicious Traffic Detection | Overall Performance with drift | Accuracy71.72 | 5 | |
| Malicious Traffic Detection | CIC-IDS without drift 2018 | Accuracy96.84 | 5 |