research-article

Divide, Conquer, and Coalesce: Meta Parallel Graph Neural Network for IoT Intrusion Detection at Scale

Authors:

Zhe QuAuthors Info & Claims

WWW '24: Proceedings of the ACM Web Conference 2024

Pages 1656 - 1667

https://doi.org/10.1145/3589334.3645457

Published: 13 May 2024 Publication History

Abstract

This paper proposes Meta Parallel Graph Neural Network (MPGNN) to establish a scalable Network Intrusion Detection System (NIDS) for large-scale Internet of Things (IoT) networks. MPGNN leverages a meta-learning framework to optimize the parallelism of GNN-based NIDS. The core of MPGNN is a coalition formation policy that generates meta-knowledge for partitioning a massive graph into multiple coalitions/subgraphs in a way that maximizes the performance and efficiency of parallel coalitional NIDSs. We propose an offline reinforcement learning algorithm, called Graph-Embedded Adversarially Trained Actor-Critic (G-ATAC), to learn a coalition formation policy that jointly optimizes intrusion detection accuracy, communication overheads, and computational complexities of coalitional NIDSs. In particular, G-ATAC learns to capture the temporal dependencies of network states and coalition formation decisions over offline data, eliminating the need for expensive online interactions with large IoT networks. Given generated coalitions, MPGNN employs E-GraphSAGE to establish coalitional NIDSs which then collaborate via ensemble prediction to accomplish intrusion detection for the entire network. We evaluate MPGNN on two real-world datasets. The experimental results demonstrate the superiority of our method with substantial improvements in F1 score, surpassing the state-of-the-art methods by 0.38 and 0.29 for the respective datasets. Compared to the centralized NIDS, MPGNN reduces the training time of NIDS by 41.63% and 22.11%, while maintaining an intrusion detection performance comparable to centralized NIDS.

Supplemental Material

MP4 File

Supplemental video

Download
13.21 MB

References

[1]

Sarhad Arisdakessian, Omar Abdel Wahab, Azzam Mourad, Hadi Otrok, and Mohsen Guizani. 2022. A Survey on IoT Intrusion Detection: Federated Learning, Game Theory, Social Psychology, and Explainable AI as Future Directions. IEEE Internet of Things Journal, Vol. 10, 5 (2022), 4059--4092.

[2]

Leemon Baird. 1995. Residual Algorithms: Reinforcement Learning with Function Approximation. In Machine Learning Proceedings 1995. Elsevier, 30--37.

[3]

Michael Batty, Kay W Axhausen, Fosca Giannotti, Alexei Pozdnoukhov, Armando Bazzani, Monica Wachowicz, Georgios Ouzounis, and Yuval Portugali. 2012. Smart Cities of the Future. The European Physical Journal Special Topics, Vol. 214 (2012), 481--518.

[4]

Vincent D Blondel, Jean-Loup Guillaume, Renaud Lambiotte, and Etienne Lefebvre. 2008. Fast Unfolding of Communities in Large Networks. Journal of Statistical Mechanics: Theory and Experiment, Vol. 2008, 10 (2008), P10008.

[5]

Christian Cervantes, Diego Poplade, Michele Nogueira, and Aldri Santos. 2015. Detection of sinkhole attacks for supporting secure routing on 6LoWPAN for Internet of Things. In 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM). IEEE, 606--611.

[6]

Ching-An Cheng, Tengyang Xie, Nan Jiang, and Alekh Agarwal. 2022. Adversarially Trained Actor Critic for Offline Reinforcement Learning. In International Conference on Machine Learning. PMLR, 3852--3878.

[7]

Benoit Claise. 2004. Rfc 3954: Cisco Systems Netflow Services Export Version 9.

[8]

Aaron Clauset, Mark EJ Newman, and Cristopher Moore. 2004. Finding Community Structure in Very Large Networks. Physical Review E, Vol. 70, 6 (2004), 066111.

[9]

George Dimitrakopoulos and Panagiotis Demestichas. 2010. Intelligent Transportation Systems. IEEE Vehicular Technology Magazine, Vol. 5, 1 (2010), 77--84.

[10]

Guanghan Duan, Hongwu Lv, Huiqiang Wang, and Guangsheng Feng. 2022. Application of A Dynamic Line Graph Neural Network for Intrusion Detection with Semisupervised Learning. IEEE Transactions on Information Forensics and Security, Vol. 18 (2022), 699--714.

[11]

Dave Evans. 2011. The Internet of Things. How the Next Evolution of the Internet is Changing Everything, Whitepaper, Cisco Internet Business Solutions Group (IBSG), Vol. 1 (2011), 1--12.

[12]

Tuomas Haarnoja, Aurick Zhou, Pieter Abbeel, and Sergey Levine. 2018. Soft Actor-critic: Off-policy Maximum Entropy Deep Reinforcement Learning with A Stochastic Actor. In International Conference on Machine Learning. PMLR, 1861--1870.

[13]

Frank Harary and C St JA Nash-Williams. 1965. On Eulerian and Hamiltonian Graphs and Line Graphs. Canad. Math. Bull., Vol. 8, 6 (1965), 701--709.

[14]

Ryan Heartfield, George Loukas, Anatolij Bezemskij, and Emmanouil Panaousis. 2020. Self-configurable Cyber-physical Intrusion Detection for Smart Homes Using Reinforcement Learning. IEEE Transactions on Information Forensics and Security, Vol. 16 (2020), 1720--1735.

Digital Library

[15]

Feng Jiang, Yunsheng Fu, Brij B Gupta, Yongsheng Liang, Seungmin Rho, Fang Lou, Fanzhi Meng, and Zhihong Tian. 2018. Deep Learning Based Multi-channel Intelligent Attack Detection for Data Security. IEEE Transactions on Sustainable Computing, Vol. 5, 2 (2018), 204--212.

[16]

Alex Krizhevsky, Ilya Sutskever, and Geoffrey E Hinton. 2012. Imagenet Classification with Deep Convolutional Neural Networks. Advances in Neural Information Processing Systems, Vol. 25 (2012).

[17]

Wai Weng Lo, Siamak Layeghy, Mohanad Sarhan, Marcus Gallagher, and Marius Portmann. 2022. E-graphsage: A Graph Neural Network Based Intrusion Detection System for Iot. In NOMS 2022--2022 IEEE/IFIP Network Operations and Management Symposium. IEEE, 1--9.

[18]

Azade Nazi, Will Hang, Anna Goldie, Sujith Ravi, and Azalia Mirhoseini. 2019. A Deep Learning Framework for Graph Partitioning. ICLR (2019).

[19]

Segun I Popoola, Ruth Ande, Bamidele Adebisi, Guan Gui, Mohammad Hammoudeh, and Olamide Jogunola. 2021. Federated Deep Learning for Zero-day Botnet Attack Detection in IoT-edge Devices. IEEE Internet of Things Journal, Vol. 9, 5 (2021), 3930--3944.

[20]

Mohanad Sarhan, Siamak Layeghy, and Marius Portmann. 2022. Evaluating Standard Feature Sets towards Increased Generalisability and Explainability of ML-based Network Intrusion Detection. Big Data Research, Vol. 30 (2022), 100359.

Digital Library

[21]

Michael Shirer and Carrie MacGillivray. 2019. The Growth in Connected Iot Devices is Expected to Generate 79.4 zb of Data in 2025, According to A New Idc Forecast. IDC. com. https://www. idc. com/getdoc. jsp (2019).

[22]

Emiliano Sisinni, Abusayeed Saifullah, Song Han, Ulf Jennehag, and Mikael Gidlund. 2018. Industrial Internet of Things: Challenges, Opportunities, and Directions. IEEE Transactions on Industrial Informatics, Vol. 14, 11 (2018), 4724--4734.

[23]

StereoLabs. 2023. ZED Box. https://www.stereolabs.com/zed-box/

[24]

Hudan Studiawan, Ferdous Sohel, and Christian Payne. 2020. Anomaly Detection in Operating System Logs with Deep Learning-based Sentiment Analysis. IEEE Transactions on Dependable and Secure Computing, Vol. 18, 5 (2020), 2136--2148.

Digital Library

[25]

Guosong Sun and Quan Qian. 2018. Deep Learning and Visualization for Identifying Malware Families. IEEE Transactions on Dependable and Secure Computing, Vol. 18, 1 (2018), 283--295.

Digital Library

[26]

Richard S Sutton and Andrew G Barto. 2018. Reinforcement Learning: An Introduction. MIT press.

Digital Library

[27]

R Vinayakumar, KP Soman, and Prabaharan Poornachandran. 2017. Applying Convolutional Neural Network for Network Intrusion Detection. In 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI). IEEE, 1222--1228.

[28]

Linus Wallgren, Shahid Raza, and Thiemo Voigt. 2013. Routing attacks and countermeasures in the RPL-based internet of things. International Journal of Distributed Sensor Networks, Vol. 9, 8 (2013), 794326.

[29]

Qingsai Xiao, Jian Liu, Quiyun Wang, Zhengwei Jiang, Xuren Wang, and Yepeng Yao. 2020. Towards Network Anomaly Detection Using Graph Embedding. In Computational Science--ICCS 2020: 20th International Conference, Amsterdam, The Netherlands, June 3--5, 2020, Proceedings, Part IV 20. Springer, 156--169.

[30]

Tengyang Xie, Ching-An Cheng, Nan Jiang, Paul Mineiro, and Alekh Agarwal. 2021. Bellman-consistent Pessimism for Offline Reinforcement Learning. Advances in Neural Information Processing Systems, Vol. 34 (2021), 6683--6694.

[31]

Congyuan Xu, Jizhong Shen, and Xin Du. 2020. A Method of Few-shot Network Intrusion Detection Based on Meta-learning Framework. IEEE Transactions on Information Forensics and Security, Vol. 15 (2020), 3540--3552.

[32]

Run Yang, Hui He, Yixiao Xu, Bangzhou Xin, Yulong Wang, Yue Qu, and Weizhe Zhang. 2023. Efficient Intrusion Detection toward IoT Networks Using Cloud--edge Collaboration. Computer Networks, Vol. 228 (2023), 109724.

Digital Library

[33]

Wojciech Zaremba, Ilya Sutskever, and Oriol Vinyals. 2014. Recurrent Neural Network Regularization. arXiv preprint arXiv:1409.2329 (2014).

[34]

Jiawei Zhou, Zhiying Xu, Alexander M Rush, and Minlan Yu. 2020b. Automating Botnet Detection with Graph Neural Networks. arXiv preprint arXiv:2003.06344 (2020).

[35]

Xiaokang Zhou, Yiyong Hu, Wei Liang, Jianhua Ma, and Qun Jin. 2020a. Variational LSTM Enhanced Anomaly Detection for Industrial Big Data. IEEE Transactions on Industrial Informatics, Vol. 17, 5 (2020), 3469--3477.

[36]

Huidi Zhu and Jialiang Lu. 2022. Graph-based Intrusion Detection System Using General Behavior Learning. In GLOBECOM 2022--2022 IEEE Global Communications Conference. IEEE, 2621--2626.

[37]

Konglin Zhu, Zhicheng Chen, Yuyang Peng, and Lin Zhang. 2019. Mobile Edge Assisted Literal Multi-dimensional Anomaly Detection of In-Vehicle Network Using LSTM. IEEE Transactions on Vehicular Technology, Vol. 68, 5 (2019), 4275--4284.

Cited By

Yan HLin XLi SPeng HZhang B(2025)Global or Local Adaptation? Client-Sampled Federated Meta-Learning for Personalized IoT Intrusion DetectionIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.351654820(279-293)Online publication date: 2025
https://doi.org/10.1109/TIFS.2024.3516548
Yuan ZSun QZhou HShao MFu X(2025)A comprehensive survey on GNN-based anomaly detection: taxonomy, methods, and the role of large language modelsInternational Journal of Machine Learning and Cybernetics10.1007/s13042-024-02516-6Online publication date: 4-Feb-2025
https://doi.org/10.1007/s13042-024-02516-6
Tong HMa HShen HLi ZChang L(2024)Crucial rather than random: Attacking crucial substructure for backdoor attacks on graph neural networksEngineering Applications of Artificial Intelligence10.1016/j.engappai.2024.108966136(108966)Online publication date: Oct-2024
https://doi.org/10.1016/j.engappai.2024.108966

Index Terms

Divide, Conquer, and Coalesce: Meta Parallel Graph Neural Network for IoT Intrusion Detection at Scale
1. Computing methodologies
  1. Artificial intelligence
2. Networks
  1. Network properties
    1. Network security

Recommendations

Enhancing byte-level network intrusion detection signatures with context
CCS '03: Proceedings of the 10th ACM conference on Computer and communications security

Many network intrusion detection systems (NIDS) use byte sequences as signatures to detect malicious activity. While being highly efficient, they tend to suffer from a high false-positive rate. We develop the concept of contextual signatures as an ...
GNN-IDS: Graph Neural Network based Intrusion Detection System
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security

Intrusion detection systems (IDSs) are widely used to identify anomalies in computer networks and raise alarms on intrusive behaviors. ML-based IDSs generally take network traces or host logs as input to extract patterns from individual samples, whereas ...
Network intrusion detection

Intrusion detection is a new, retrofit approach for providing a sense of security in existing computers and data networks, while allowing them to operate in their current "open" mode. The goal of intrusion detection is to identify unauthorized use, ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WWW '24: Proceedings of the ACM Web Conference 2024

May 2024

4826 pages

ISBN:9798400701719

DOI:10.1145/3589334

General Chairs:
Tat-Seng Chua
National University of Singapore
,
Chong-Wah Ngo
Singapore Management University
,
Proceedings Chair:
Roy Ka-Wei Lee
Singapore University of Technology and Design
,
Program Chairs:
Ravi Kumar
Google
,
Hady W. Lauw
Singapore Management University

Copyright © 2024 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGWEB: ACM Special Interest Group on Hypertext, Hypermedia, and Web

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 May 2024

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

he National Nature Science Foundation of China

Conference

WWW '24

Sponsor:

SIGWEB

WWW '24: The ACM Web Conference 2024

May 13 - 17, 2024

Singapore, Singapore

Acceptance Rates

Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
278
Total Downloads

Downloads (Last 12 months)278
Downloads (Last 6 weeks)14

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Yan HLin XLi SPeng HZhang B(2025)Global or Local Adaptation? Client-Sampled Federated Meta-Learning for Personalized IoT Intrusion DetectionIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.351654820(279-293)Online publication date: 2025
https://doi.org/10.1109/TIFS.2024.3516548
Yuan ZSun QZhou HShao MFu X(2025)A comprehensive survey on GNN-based anomaly detection: taxonomy, methods, and the role of large language modelsInternational Journal of Machine Learning and Cybernetics10.1007/s13042-024-02516-6Online publication date: 4-Feb-2025
https://doi.org/10.1007/s13042-024-02516-6
Tong HMa HShen HLi ZChang L(2024)Crucial rather than random: Attacking crucial substructure for backdoor attacks on graph neural networksEngineering Applications of Artificial Intelligence10.1016/j.engappai.2024.108966136(108966)Online publication date: Oct-2024
https://doi.org/10.1016/j.engappai.2024.108966

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten