Abstract
Nowadays, millions of Internet of Things (IoT) devices communicate over the Internet, thus becoming potential targets for cyberattacks. Due to the limited hardware capabilities of these devices, host-based countermeasures are unlikely to be deployed on them, making network traffic analysis the only reasonable way to detect malicious activities. In this paper, we face the problem of identifying abnormal communications in IoT networks using graph-based anomaly detection methods. Although anomaly detection has already been applied to graph-based data, most existing methods have been used for static graphs, with the aim of detecting anomalous nodes. In our case, the graphs represent snapshots of the network traffic, and change with time. In this paper we compare different graph-based methods, and different graph representations of the network traffic, using two large datasets of real IoT data.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abbasi, M., Shahraki, A., Taherkordi, A.: Deep learning for network traffic monitoring and analysis (NTMA): a survey. Comput. Commun. 170, 19–41 (2021). https://doi.org/10.1016/j.comcom.2021.01.021
Aouini, Z., Pekar, A.: Nfstream: a flexible network data analysis framework. Comput. Netw. 204, 108719 (2022)
Churcher, A., et al.: An experimental analysis of attack classification using machine learning in IOT networks. Sensors 21(2), 446 (2021)
Deng, A., Hooi, B.: Graph neural network-based anomaly detection in multivariate time series. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 35, pp. 4027–4035 (2021)
Ding, K., Li, J., Bhanushali, R., Liu, H.: Deep anomaly detection on attributed networks. In: Proceedings of the 2019 SIAM International Conference on Data Mining, pp. 594–602. SIAM (2019)
Fahim, M., Sillitti, A.: Anomaly detection, analysis and prediction techniques in IOT environment: a systematic literature review. IEEE Access 7, 81664–81681 (2019). https://doi.org/10.1109/ACCESS.2019.2921912
Iliofotou, M., Pappu, P., Faloutsos, M., Mitzenmacher, M., Singh, S., Varghese, G.: Network monitoring using traffic dispersion graphs (TDGs). In: Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, pp. 315–320 (2007)
Koroniotis, N., Moustafa, N., Sitnikova, E., Turnbull, B.: Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: bot-IOT dataset. Future Gen. Comput. Syst. 100, 779–796 (2019)
Lo, W.W., Layeghy, S., Sarhan, M., Gallagher, M., Portmann, M.: E-graphsage: a graph neural network based intrusion detection system for IOT. In: NOMS 2022–2022 IEEE/IFIP Network Operations and Management Symposium, pp. 1–9. IEEE (2022)
Lotfollahi, M., Siavoshani, M.J., Zade, R.S.H., Saberian, M.: Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft Comput. 24(3), 1999–2012 (2019). https://doi.org/10.1007/s00500-019-04030-2
Ma, X., et al.:: A comprehensive survey on graph anomaly detection with deep learning. IEEE Trans. Knowl. Data Eng. (2021)
Macas, M., Wu, C., Fuertes, W.: A survey on deep learning for cybersecurity: progress, challenges, and opportunities. Comput. Netw. 212, 109032 (2022). https://doi.org/10.1016/j.comnet.2022.109032
Pacheco, F., Exposito, E., Gineste, M., Baudoin, C., Aguilar, J.: Towards the deployment of machine learning solutions in network traffic classification: a systematic survey. IEEE Commun. Surv. Tutor. 21(2), 1988–2014 (2019). https://doi.org/10.1109/COMST.2018.2883147
Parmisano, A., Garcia, S., Erquiaga, M.J.: A Labeled Dataset with Malicious and Benign IOT Network Traffic. Stratosphere Laboratory, Praha, Czech Republic (2020)
The Guardian: DDoS attack that disrupted internet was largest of its kind in history, experts say. https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mirai-botnet
Ullah, I., Mahmoud, Q.H.: A scheme for generating a dataset for anomalous activity detection in IoT networks. In: Goutte, C., Zhu, X. (eds.) Canadian AI 2020. LNCS (LNAI), vol. 12109, pp. 508–520. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-47358-7_52
Wang, X., Jin, B., Du, Y., Cui, P., Tan, Y., Yang, Y.: One-class graph neural networks for anomaly detection in attributed networks. Neural Comput. Appl. 33, 12073–12085 (2021)
Xu, Z., Huang, X., Zhao, Y., Dong, Y., Li, J.: Contrastive attributed network anomaly detection with data augmentation. In: Advances in Knowledge Discovery and Data Mining: 26th Pacific-Asia Conference, PAKDD 2022, Chengdu, 16–19 May 2022, Proceedings, Part II, pp. 444–457. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-05936-0_35
Zheng, J., Li, D.: Gcn-tc: combining trace graph with statistical features for network traffic classification. In: ICC 2019–2019 IEEE International Conference on Communications (ICC), pp. 1–6. IEEE (2019)
Zheng, J., Zeng, Z., Feng, T.: Gcn-eta: high-efficiency encrypted malicious traffic detection. Secur. Commun. Netw. 2022, 1–11 (2022)
Zola, F., Segurola-Gil, L., Bruse, J.L., Galar, M., Orduna-Urrutia, R.: Network traffic analysis through node behaviour classification: a graph-based approach with temporal dissection and data-level preprocessing. Comput. Secur. 115, 102632 (2022)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Carletti, V., Foggia, P., Vento, M. (2023). Detecting Abnormal Communication Patterns in IoT Networks Using Graph Neural Networks. In: Vento, M., Foggia, P., Conte, D., Carletti, V. (eds) Graph-Based Representations in Pattern Recognition. GbRPR 2023. Lecture Notes in Computer Science, vol 14121. Springer, Cham. https://doi.org/10.1007/978-3-031-42795-4_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-42795-4_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-42794-7
Online ISBN: 978-3-031-42795-4
eBook Packages: Computer ScienceComputer Science (R0)
